- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 05 Mar 2013 21:36:19 +0100
- To: ietf-http-wg@w3.org

<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-http2-01.html#Authentication>:

"There are four options for proxy authentication, Basic, Digest, NTLM and Negotiate (SPNEGO). The first two options were defined in RFC2617 [RFC2617], and are stateless. The second two options were developed by Microsoft and specified in RFC4559 [RFC4559], and are stateful; otherwise known as multi-round authentication, or connection authentication."

As far as I can tell, RFC4559 does not actually define an NTLM auth scheme. If it did, we'd need to add it to <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-authscheme-registrations-latest.html>.

(And yes, I know that there's an NTLM scheme used in practice, I just don't see it defined by RFC4559).

Later on:

"Unfortunately, the stateful authentication mechanisms were implemented and defined in a such a way that directly violates RFC2617 - they do not include a "realm" as part of the request. This is problematic in HTTP/2.0 because it makes it impossible for a client to disambiguate two concurrent server authentication challenges."

If these schemes need HTTP/2.0-specific fixes, these should be defined in a separate document, updating RFC4559.

Optimally, we can get rid of the whole section.

Best regards, Julian

Received on Tuesday, 5 March 2013 20:36:49 UTC