Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt>

ietf

Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard

2015-02-06 10:42:29

On the "obfuscation" point:

I do not think the use of Base64 is intended as obfuscation and it seems
misleading to me to describe it as such. (The Introduction has the same
problem).


I think it was.


I would take it to mean, in this context, "make difficult to decode",
while it's more likely used to "deal with special characters". In any
case, if the idea is to note that Base64 is easily reversible, say that
instead of "obfuscated".


Obfuscation doesn't have to be hard to decode.  The point is that one
reason base64 was used was to make it so usernames and passwords don't
appear clearly in datastreams and log files.  If you know where to
find them, they're trivial to decode, of course.  But you can't just
scan the data and say, "Ah, look, there's a username and password."

Barry

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Bjoern Hoehrmann Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Julian Reschke Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Bjoern Hoehrmann Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Barry Leiba <= ignoring unknown parameters, Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Julian Reschke Re: ignoring unknown parameters, Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Bjoern Hoehrmann Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Tony Hansen Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Julian Reschke Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Bjoern Hoehrmann Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Julian Reschke Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Kathleen Moriarty Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Alexey Melnikov Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Bjoern Hoehrmann Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Alexey Melnikov

Previous by Date:	Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Alexey Melnikov
Next by Date:	Re: Naive question on multiple TCP/IP channels and please dont start a uS NN debate here unless you really want to., Michael Richardson
Previous by Thread:	Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Bjoern Hoehrmann
Next by Thread:	ignoring unknown parameters, Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Julian Reschke
Indexes:	[Date] [Thread] [Top] [All Lists]