Re: WGLC: p7 MUSTs

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 7 May 2013 14:41:44 +1000
Cc: IETF HTTP WG <ietf-http-wg@w3.org>
Message-Id: <A3BBF4BA-5E46-433C-A5B5-A2812A35C162@mnot.net>
To: Alex Rousskov <rousskov@measurement-factory.com>

Thanks, Alex; I've made these issues #478-481, all editorial.


On 01/05/2013, at 3:09 PM, Alex Rousskov <rousskov@measurement-factory.com> wrote:

> Hello,
> 
>    These comments are based on the "latest" snapshot dated Mon 29 Apr
> 2013 03:13:05 PM MDT at
> https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p7-auth.html
> 
> I hope these issues are "editorial in nature".
> 
> 
>> For historical reasons, senders MUST only use the quoted-string syntax.
> 
> Perhaps this can be relaxed to "MUST only generate", especially since
> another MUST prohibits proxies from modifying WWW-Authenticate and
> Authorization header fields.
> 
> 
> And here is a list of requirements that are missing an explicit actor on
> which the requirement is placed. Even though it is often possible to
> guess the actor, most of these should be easy to rephrase to place the
> requirement on the intended actor explicitly (e.g., "A proxy MUST"
> instead of "a header field MUST"):
> 
>> each parameter name MUST only occur once per challenge
> 
>> This response MUST include a WWW-Authenticate header
> 
>> The 407 (Proxy Authentication Required) response message [...] MUST
>> include a Proxy-Authenticate header field
> 
>> information necessary to authenticate a request MUST be provided in
>> the request
> 
>> It MUST be included as part of a 407 (Proxy Authentication Required)
>> response.
> 
>> It MUST be included in 401 (Unauthorized) response messages
> 
> Please be careful with "send" and "generate" when fixing the above
> actorless rules so that the proxies do not accidentally become
> responsible for policing traffic where unnecessary.
> 
> 
> Thank you,
> 
> Alex.
> 

--
Mark Nottingham   http://www.mnot.net/
Received on Tuesday, 7 May 2013 04:42:24 UTC