- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 03 Aug 2011 16:03:08 +0200
- To: HTTP Working Group <ietf-http-wg@w3.org>
On 2011-07-28 16:34, Julian Reschke wrote: > Hi, > > I've got a TODO to mark the authentication scheme name "negotiate" as > reserved (in draft-ietf-httpbis-authscheme-registrations); see > <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/308>. > > Thoughts: > > - the registry doesn't have a "status" entry; should we add that (with > what values)? > > - if we keep the registry simple, what's the reference we would put in? > A pointer to a new appendix in > draft-ietf-httpbis-authscheme-registrations, noting that "negotiate" is > reserved as a scheme name, but it's not a valid scheme as per our > requirements? > > - that being said, should there be an erratum on RFC 4559 pointing out > the problems? > > Best regards, Julian OK, - I have added a "Notes" entry to the auth scheme registry (see <http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1371>), and - added 'Negotiate' (<http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1372>) with a Note saying: "This authentication scheme violates both HTTP semantics (being connection-oriented) and syntax (use of syntax incompatible with the WWW-Authenticate and Authorization header field syntax)." I also opened two errata on RFC 4559; see <http://www.rfc-editor.org/errata_search.php?eid=2912> and <http://www.rfc-editor.org/errata_search.php?eid=2913>. Best regards, Julian
Received on Wednesday, 3 August 2011 14:03:40 UTC