Re: Call for adoption: draft-reschke-httpauth-auth-info-00

* Julian Reschke wrote:
>On 2015-02-01 10:00, Bjoern Hoehrmann wrote:
>> There is basically no information in the draft what the header can,
>> should, or should not be used for, it does not even indicate what the
>> `Digest` scheme uses it for, and it does not point out caveats like
>The latter is supposed to be in the DIGEST spec.
>Do you have a proposal for the former?
>> poor interaction with pipelined requests as they are noted in RFC 2617
>> and whether such considerations apply to HTTP/2, for instance. I guess
>Again, that seems to be specific to the nextnonce parameter which is 
>specific to DIGEST.

A possible starting point would be to explain whether, how, and why it
is better to use an authentication scheme independent header to specify
authentication scheme specific parameters. If it's pretty much always
better to use `Authentication-Info` then there probably should be some
SHOULD-level requirement to use it somewhere.
Björn Höhrmann · ·
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 ·
 Available for hire in Berlin (early 2015)  · 

Received on Monday, 2 February 2015 01:41:38 UTC