W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: Call for adoption: draft-reschke-httpauth-auth-info-00

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 04 Feb 2015 17:46:52 +0100
Message-ID: <54D24CFC.20709@gmx.de>
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
CC: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org, Yutaka Oiwa <y.oiwa@aist.go.jp>, Alexey Melnikov <alexey.melnikov@isode.com>
On 2015-02-02 15:08, Rifaat Shekh-Yusef wrote:
> This document does not define any semantics associated with these
> header, which means that the document that uses these header will be the
> one that must address the information leak issue.
> I do not see why we would restrict a future use of these headers based
> on the Digest usage; this seems odd to me.
>
> Regards,
>   Rifaat

Well, the goal for me was not to define anything new, but just to 
extract what we have already into something that can be maintained 
separately from DIGEST. As such, Hervé's comment made sense to me, and I 
updated the editor's copy accordingly:

 
<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-auth-info-latest-from-previous.diff.html>

Maybe other potential users of Auth-Info (Yutaka & Alexey) could state 
whether having this constraint would affect their ability to use 
Authentication-Info?

Assuming that is not the case, I'd like to declare victory, submit a new 
draft, and ask Mark to start a WGLC...

Best regards, Julian
Received on Wednesday, 4 February 2015 16:47:55 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:48 UTC