Re: #195, was: ABNF for Authorization header not quite right from Adrien de Croy on 2011-07-28 (ietf-http-wg@w3.org from July to September 2011)

From: Adrien de Croy <adrien@qbik.com>
Date: Thu, 28 Jul 2011 13:11:40 +1200
To: Thomas Maslen <Thomas.Maslen@quest.com>
CC: "Manger, James H" <James.H.Manger@team.telstra.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <4E30B74C.4090408@qbik.com>

base 64 blobs allow any sort of arbitrary binary structure to be sent.  
Therefore anything can be described by a single one.


On 28/07/2011 1:06 p.m., Thomas Maslen wrote:
> On Wed 2011-07-27 17:45 +0700  Manger, James H<James.H.Manger@team.telstra.com>  wrote:
> [...]
>> That is, I think a<b64>  blob should only be allowed when it is the first (and only) parameter.
> I agree, both for challenges and for credentials.
>
> If some auth-scheme needs multiple base64 blobs it should use #auth-param
> (i.e. key-value pairs, presumably with quoted-string values) to convey them.
>
> I agree that NTLM, Negotiate, and even Nego2 need only a single base64 blob;
> they do not need multiple base64 blobs.
>

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
WinGate 7 beta out now - http://www.wingate.com/getlatest/

Received on Thursday, 28 July 2011 01:12:20 UTC