Re: [Privacy-pass] Working Group Last Call for the Privacy Pass HTTP Authentication Scheme from Tommy Pauly on 2022-10-28 (ietf-http-wg@w3.org from October to December 2022)

From: Tommy Pauly <tpauly@apple.com>
Date: Fri, 28 Oct 2022 08:11:47 -0700
To: Julian Reschke <julian.reschke@gmx.de>
Cc: ietf-http-wg@w3.org
Message-id: <E657E78A-0ECF-4270-AE88-059D2EBF1412@apple.com>

Thanks Julian!

> On Oct 28, 2022, at 6:56 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> 
> On 28.10.2022 06:00, Tommy Pauly wrote:
>> Hi HTTP WG,
>> 
>> The Privacy Pass WG placed its HTTP authentication scheme document in
>> last call. As a co-author of that document, I’d appreciate if people in
>> this group could also review the document during this time!
>> 
>> Best,
>> Tommy
> 
> Just a few quick observations:
> 
> 1. HTTP auth nowadays is defined in RFC 9110.

Indeed. Missed updating this one when 9110 came out. Fixing here: https://github.com/ietf-wg-privacypass/base-drafts/pull/208
> 
> 2. auth parameters are token or quoted-string. If you use base64-url
> encoding with "=" for padding, the token variant would not work, thus
> the abbreviated examples are extremely misleading (might be good to
> insert complete message examples...).

Very good point. It should specify that these are quoted strings.

Filed this issue: https://github.com/ietf-wg-privacypass/base-drafts/issues/209
 <https://github.com/ietf-wg-privacypass/base-drafts/issues/209>And a PR to fix: https://github.com/ietf-wg-privacypass/base-drafts/pull/210

Thanks,
Tommy

> 
> Best regards, Julian
> 
>

Received on Friday, 28 October 2022 15:12:13 UTC