W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: The Hypertext Transfer Protocol (HTTP) Authentication-Info Header Field

From: Julian Reschke <julian.reschke@greenbytes.de>
Date: Wed, 28 Jan 2015 11:59:51 +0100
Message-ID: <54C8C127.4090802@greenbytes.de>
To: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
On 2015-01-28 10:59, Amos Jeffries wrote:
> ...
> I think its a good idea.
> ...


> It is also worth noting at this point that those headers are already in
> use in the wild (by Squid at least) for Negotiate scheme in a way that
> does not match the ABNF. Instead they just echo back from the server the
> accepted "Negotiate <token>" credentials received from the client.
> ...

Well, Negotiate already is that weirdo (see RFC 7236).

We *could* define Authentication-Info without having an ABNF, but I'd 
prefer to stick to what RFC 2617 said (it's flexible enough).

> I am not sure exactly why Squid does this, I've queried our dev team to
> see if anyone knows.

Thanks. It's certainly not document in the RFC. In a quick search, I 
also found <http://curl.haxx.se/mail/archive-2009-02/0106.html>.

Best regards, Julian
Received on Wednesday, 28 January 2015 11:00:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:42 UTC