Opened 8 years ago

Last modified 8 years ago

#4 new defect

Some issues with Authentication Realm

Reported by: ynir@… Owned by: draft-ietf-httpauth-mutual@…
Priority: major Milestone:
Component: mutual Version:
Severity: Submitted WG Document Keywords: punycode web origin
Cc:

Description

Reported by Ilari, Stephen

Single-server type looks an awful lot like a web origin. Why not use that?
Additionally, what about when dealing with DNS-SD? That uses native UTF-8 on the wire instead of Punycode. I have no idea how HTTP host names are represented in that case.

Change History (1)

comment:1 Changed 8 years ago by y.oiwa@…

Authentication realm concept, as a whole, is independent from Web-origins.
The "single-server type" coincides with web-origin, and other types not.

  • Delegating definition of only one type among three to the external document seems to make document less obvious. Noting the relation between them will be beneficial to readers instead.
  • We may drop default port numbers (:80 and :443) from the output, so that it become more compatible with web origin string.

DNS-SD issue seems (for me) to be the HTTPBIS issue.
Many existing specifications related to HTTP and IDN silently assume that URLs are pre-translated to IDN-encoded ones (possibly before DNS queries).
If HTTP/2.0, 2.1 or 3.0 ... treats this differently, we need to define the auth-domain parameter in a different way from the current text, so that it retains canonical property.

Note: See TracTickets for help on using tickets.