W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: Call for adoption: draft-reschke-httpauth-auth-info-00

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Mon, 02 Feb 2015 02:41:02 +0100
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP <ietf-http-wg@w3.org>
Message-ID: <nkhtca5dk8kipucubf8rr2srhb5i6up4j5@hive.bjoern.hoehrmann.de>
* Julian Reschke wrote:
>On 2015-02-01 10:00, Bjoern Hoehrmann wrote:
>> There is basically no information in the draft what the header can,
>> should, or should not be used for, it does not even indicate what the
>> `Digest` scheme uses it for, and it does not point out caveats like
>
>The latter is supposed to be in the DIGEST spec.
>
>Do you have a proposal for the former?
>
>> poor interaction with pipelined requests as they are noted in RFC 2617
>> and whether such considerations apply to HTTP/2, for instance. I guess
>
>Again, that seems to be specific to the nextnonce parameter which is 
>specific to DIGEST.

A possible starting point would be to explain whether, how, and why it
is better to use an authentication scheme independent header to specify
authentication scheme specific parameters. If it's pretty much always
better to use `Authentication-Info` then there probably should be some
SHOULD-level requirement to use it somewhere.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
 Available for hire in Berlin (early 2015)  · http://www.websitedev.de/ 
Received on Monday, 2 February 2015 01:41:38 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:42 UTC