W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: Informal Last Call for draft-reschke-basicauth-enc-04, was: Fwd: I-D Action: draft-reschke-basicauth-enc-04.txt

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Mon, 30 Jan 2012 12:17:18 +0100
To: Julian Reschke <julian.reschke@gmx.de>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <visci75v85ndepsfib5qfpdqvsb84m8piu@hive.bjoern.hoehrmann.de>
* Julian Reschke wrote:
><http://greenbytes.de/tech/webdav/draft-reschke-basicauth-enc-04.html>; 

Well, "There is little interoperability for characters in the ISO-8859-1
character set" the US-ASCII subset works reasonably well.

Don't repeat so much of / so literally the Abstract in the Introduction,
it's confusing to read the duplicate.

I think you should mention "WWW-Authenticate" earlier than section 4,
(something like "for use in headers like WWW-Authenticate" somewhere),
otherwise it's easy to expect this is for `Authorization` (in part due
to the name, `useUTF8` or `use-utf-8="yes" or some such would have been
clearer).

"For credentials sent by the user agent, the "encoding" parameter is
reserved for future use and MUST NOT be sent." You can only reserve
among options, and RFC 2617 does not allow `encoding` in credentials.
This should simply say it does not apply to credentials.

The following "The reason for this is" paragraph is confused, it should
probably be an editor's note to be removed later, otherwise you would
have to be much clearer what your idea for the parameter's content is,
the main use case would seem to be recognizing whether the client did
understand the request to use UTF-8, and that would seem useful enough.

>With respect to intended status: in theory, this is a candidate for 
>Experimental. However, Basic Authentication (as defined in RFC 2617) 
>doesn't have a registry for extension parameters, so the cleanest 
>approach appears to say "Updates 2617", which IMHO requires a standards 
>track document.

Updates 2617 sounds good to me; if there is any problem with that, we
could make two specifications, one that updates 2617 and establishes a
registry and then have your extension as experimental document.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Monday, 30 January 2012 11:17:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:54 GMT