The IESG wrote:
> The IESG has received a request from the RADIUS EXTensions WG (radext)
> to consider the following document:
> - 'RADIUS Extension for Digest Authentication '
> <draft-ietf-radext-rfc4590bis-01.txt> as a Proposed Standard

Hi, this draft might also be interesting for the 2831bis (SASL) and
2617bis (HTTP-AUTH) folks. From a quick read I found that the I-D
picked the "keep backslash as is" approach between client and proxy,
trimming \ and " only at the RADIUS server.

The other DIGEST-MD5 parameters are as always confusing, I don't see
anything related to SASLprep in the draft (it's based on 2617). It
mentions 2069 backwards compatibility based on the absence of "QoP",
I'm not sure if that's correct for "md5-sess" without "QoP".

The draft says that the length of NC is 10, shouldn't that be 8?

The first example has no CNONCE and no NC, my script claims that this
is a fatal error for qop=auth, isn't it? RFC 2617 says that it MUST
be sent for a non-empty qop.

The password for the 4590 examples isn't shown, therefore I'm unable
to check them, even after adjusting the code to treat qop=auth without
CNONCE as 2069 fallback. Should I treat CNONCE as empty and make up
an NC 00000001?

Without SASLprep the draft IMO needs some "I18N considerations" about
non-ASCII user names and passwords as mandated by BCP 18 (RFC 2277).

Frank
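
The parameter checks discussed in the message above, as an added example that is not part of the original mail or of the draft: a Python sketch of the RFC 2617 request-digest for algorithm=MD5, with the RFC 2069 form used when qop is absent. The function names are hypothetical, the sample values are those of the RFC 2617 section 3.5 example, and ISO-8859-1 encoding is an assumption.

```python
import hashlib
import re

# RFC 2617 section 3.2.2: nc-value = 8LHEX (eight lowercase hex digits)
NC_RE = re.compile(r"[0-9a-f]{8}")

# Values of the RFC 2617 section 3.5 example (not the draft's examples,
# whose password is not given)
RFC2617_SAMPLE = dict(
    username="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
    method="GET", uri="/dir/index.html",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    qop="auth", nc="00000001", cnonce="0a4f113b",
)


def md5_hex(text):
    # Assumption: inputs are encoded as ISO-8859-1 octets before hashing
    return hashlib.md5(text.encode("latin-1")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Expected request-digest for algorithm=MD5 (md5-sess not covered)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if not qop:
        # RFC 2069 compatibility form: no qop, so no cnonce and no nc
        if nc or cnonce:
            raise ValueError("nc/cnonce present without qop")
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    if qop != "auth":
        raise ValueError(f"qop {qop!r} not handled in this example")
    if not cnonce or not nc:
        # This example rejects the request instead of substituting values
        raise ValueError("qop=auth requires cnonce and nc")
    if not NC_RE.fullmatch(nc):
        raise ValueError("nc must be exactly 8 lowercase hex digits")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


if __name__ == "__main__":
    print(digest_response(**RFC2617_SAMPLE))
```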