Re: Call for adoption: draft-reschke-httpauth-auth-info-00

Why would we restrict the use of this header in future protocols based on
the Digest usage of this header?
What would be the harm in allowing the new protocol that uses the header to
restrict it usage?


On Fri, Jan 30, 2015 at 7:55 AM, Julian Reschke <>

> On 2015-01-30 13:34, Hervé Ruellan wrote:
>> I think it's a good thing to have a common mechanism that could be
>> reused by several authentication schemes (at least DIGEST and SCRAM for
>> now).
>> I find that the definition of the Authentication-Info header field is
>> fuzzier in this draft than it was in DIGEST. In DIGEST this header field
>> is intended to be used for "information regarding the successful
>> authentication of a client response".
>> I'd tweak the wording in the draft to put back this precision. I think
>> it would alleviate Martin's concerns. Or did I miss something?
>> Regards,
>> Hervé.
> No, you didn't miss anything. Sounds like a good point (to stick with what
> 2617 said unless we have good reason to change it).
> Best regards, Julian

Received on Friday, 30 January 2015 14:12:07 UTC