http-authentication-01 comments

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Koen Holtman: "Comments on draft-ietf-http-v11-spec-rev-03"
• Previous message: Jim Gettys: "Note on interoperability reports..."

It would be _really_ nice to have a format other than plain text,
hint, hint.  I doubt you compose this in notepad, and change bars are
extremly helpful for last-call reviews, and the previous version had
alternate formats.

Section 3.6, Proxy-Authentication and Proxy-Authorization, references
these headers as 10.30 and 10.31.  In RFC 2068 and the current
draft (-03), this is 14.33 and 14.34.  Also, it makes reference to "as
defined above in section 2.1", which does not exist.

Inconsistency:
HTTP-03 Section 14.33 says:
"Proxy-Authenticate SHOULD NOT be passed on"
AUTH-01 1.2 says:
"Both the Proxy-Authenticate and the Proxy-Authorization header fields
are hop-by-hop headers" (but HTTP-03 section 13.5.1 has no normative
requirements on existing hop-by-hop headers)
AUTH-01 3.6 says:
"...Proxy-Authenticate... must not be passed on by proxies"

The note that comprises the last paragraph of 3.6 applies to basic
also.


Richard L. Gray
will code for chocolate

• Next message: Koen Holtman: "Comments on draft-ietf-http-v11-spec-rev-03"
• Previous message: Jim Gettys: "Note on interoperability reports..."