W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: Call for adoption: draft-reschke-httpauth-auth-info-00

From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Fri, 30 Jan 2015 09:11:39 -0500
Message-ID: <CAGL6epLUkFi6amhExWASqjS5Mvs1MVTJ1hDmhBTncznQV1GK1A@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Hervé Ruellan <herve.ruellan@crf.canon.fr>, ietf-http-wg@w3.org
Why would we restrict the use of this header in future protocols based on
the Digest usage of this header?
What would be the harm in allowing the new protocol that uses the header to
restrict it usage?

Regards,
 Rifaat


On Fri, Jan 30, 2015 at 7:55 AM, Julian Reschke <julian.reschke@gmx.de>
wrote:

> On 2015-01-30 13:34, Hervé Ruellan wrote:
>
>> I think it's a good thing to have a common mechanism that could be
>> reused by several authentication schemes (at least DIGEST and SCRAM for
>> now).
>>
>> I find that the definition of the Authentication-Info header field is
>> fuzzier in this draft than it was in DIGEST. In DIGEST this header field
>> is intended to be used for "information regarding the successful
>> authentication of a client response".
>> I'd tweak the wording in the draft to put back this precision. I think
>> it would alleviate Martin's concerns. Or did I miss something?
>>
>> Regards,
>>
>> Hervé.
>>
>
> No, you didn't miss anything. Sounds like a good point (to stick with what
> 2617 said unless we have good reason to change it).
>
> Best regards, Julian
>
>
Received on Friday, 30 January 2015 14:12:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:42 UTC