W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

additional mechanisms on top of the auth framework, was: SECDIR review of draft-ietf-httpbis-p7-auth-24

From: Julian Reschke <julian.reschke@greenbytes.de>
Date: Thu, 31 Oct 2013 14:54:45 +0100
Message-ID: <52726125.1000802@greenbytes.de>
To: Stephen Kent <kent@bbn.com>, secdir <secdir@ietf.org>, fielding@gbiv.com, mnot@pobox.com, Barry Leiba <barryleiba@computer.org>, Pete Resnick <presnick@qti.qualcomm.com>, "Mankin, Allison" <amankin@verisign.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 2013-10-29 20:35, Stephen Kent wrote:
 > ...
 > Later on page 6 the text says:
>
> The HTTP protocol does not restrict applications to this simple
>
> challenge-response framework for access authentication.Additional
>
> mechanisms MAY be used, such as encryption at the transport level or
>
> via message encapsulation, and with additional header fields
>
> specifying authentication information.However, such additional
>
> mechanisms are not defined by this specification.
>
> Encryption is not, per se, an authentication mechanism. Please revise
> this text.
> ...


OK. Maybe:

"HTTP does not restrict applications to this simple challenge-response 
framework. Additional mechanisms can be used, such as additional header 
fields carrying authentication information, or encryption on the 
transport layer in order to provide confidentiality. However, such 
additional mechanisms are not defined by this specification."

?

Best regards, Julian
Received on Thursday, 31 October 2013 13:55:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC