ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard

2015-02-10 13:58:01
from [Tony Hansen] [Permanent Link] 

On 2/6/15 1:43 AM, Julian Reschke wrote:

On 2015-02-05 23:49, Bjoern Hoehrmann wrote:

* The IESG wrote:

Abstract

   This document defines the "Basic" Hypertext Transfer Protocol (HTTP)
Authentication Scheme, which transmits credentials as userid/password 
   pairs, obfuscated by the use of Base64 encoding.


I do not think the use of Base64 is intended as obfuscation and it seems
misleading to me to describe it as such. (The Introduction has the same
problem).


I think it was.
I thought the primary reason was so that the credentials would be able to contain arbitrary characters, potentially not otherwise representable within the surrounding protocol. It's an encoding scheme, not an obfuscation scheme. 

    Tony Hansen
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Strong objection to draft-ietf-WG-*.all noise levels, Robert Sparks
Next by Date:  Re: ignoring unknown parameters, Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Bjoern Hoehrmann
Previous by Thread:  Re: ignoring unknown parameters, Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Bjoern Hoehrmann
Next by Thread:  Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard, Julian Reschke
Indexes:  [Date] [Thread] [Top] [All Lists]