The Hypertext Transfer Protocol (HTTP) Authentication-Info Header Field

Dear WG,

When we worked on RFC 7235, we extracted the authentication framework 
from RFC 2617, but failed to realize that the section about the DIGEST 
authentication scheme indeed added another pair of generic header 
fields: (Proxy-)Authentication-Info.

As a matter of fact, Alexey Melnikov noticed this in time, but back then 
we didn't have the time & energy to do the right thing.

Today, we have the DIGEST revision coming up in the HTTPAuth WG, and 
that still contains the header field definition 
(<https://trac.tools.ietf.org/html/draft-ietf-httpauth-digest-12#section-3.5>). 
Furthermore, Alexey's SCRAM draft uses it, but does not reference DIGEST 
(<https://trac.tools.ietf.org/html/draft-ietf-httpauth-scram-auth-04#section-5>, 
although with a minor syntax variation).

Last weekend I sat down and wrote a tiny draft (5 pages incl. 
boilerplate, ToC, references, whatnot) that makes these header field 
definitions standalone:

<http://greenbytes.de/tech/webdav/draft-reschke-httpauth-auth-info-00.html> 
(*)

...with the purpose of

- allowing DIGEST to refer to it instead of in-lining the definition,

- allowing Alexey to use it, and most importantly

- having a clear path for RFC 7235bis.

The last point makes it a candidate for this working group; to be useful 
for the work over in HTTPAuth we'd need to be quick, though; optimally 
IETF LC before the Dallas meeting; given the size of the draft this 
should be possible...

What do others think?

Best regards, Julian

(*) The boilerplate says to send feedback to HTTPAuth, please ignore 
this for now.

Received on Wednesday, 28 January 2015 08:57:21 UTC