- From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
- Date: Fri, 30 Jan 2015 09:11:39 -0500
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Hervé Ruellan <herve.ruellan@crf.canon.fr>, ietf-http-wg@w3.org
Received on Friday, 30 January 2015 14:12:07 UTC
Why would we restrict the use of this header in future protocols based on the Digest usage of this header? What would be the harm in allowing the new protocol that uses the header to restrict it usage? Regards, Rifaat On Fri, Jan 30, 2015 at 7:55 AM, Julian Reschke <julian.reschke@gmx.de> wrote: > On 2015-01-30 13:34, Hervé Ruellan wrote: > >> I think it's a good thing to have a common mechanism that could be >> reused by several authentication schemes (at least DIGEST and SCRAM for >> now). >> >> I find that the definition of the Authentication-Info header field is >> fuzzier in this draft than it was in DIGEST. In DIGEST this header field >> is intended to be used for "information regarding the successful >> authentication of a client response". >> I'd tweak the wording in the draft to put back this precision. I think >> it would alleviate Martin's concerns. Or did I miss something? >> >> Regards, >> >> Hervé. >> > > No, you didn't miss anything. Sounds like a good point (to stick with what > 2617 said unless we have good reason to change it). > > Best regards, Julian > >
Received on Friday, 30 January 2015 14:12:07 UTC