Martin:
Regarding #2, I would feel more comfortable with your text if it had the
strength of a RECOMMENDATION. Making a specific policy configuration a
MUST NOT doesn't make sense. Also, this discussion is missing the
possibility of client authentication in TLS, which falls under the same
recommendation. Suggested text follows:

Old:
The LIS MUST NOT rely on device support for cookies [RFC2965] or use
Basic or Digest authentication [RFC2617].

New (Thomson):
A Device that conforms to this specification is not required to
support HTTP authentication [RFC2617] or cookies [RFC2965]. Because
the Device and LIS do not necessarily have a prior relationship and
this protocol is suited to a range of networks, there is no common
authentication mechanism that can be used for any access network.
A LIS MUST NOT deny access to location information based on the
absence of Device authentication, unless it can be guaranteed that
all Devices in the access network are aware that authentication is
required.

New (Barnes):
A Device that conforms to this specification MAY omit support for HTTP
authentication [RFC2617] or cookies [RFC2965]. Because the Device and
the LIS may not necessarily have a prior relationship, it is RECOMMENDED
that the LIS not require a Device to authenticate, either using the
above HTTP authentication methods or TLS client authentication.

--Richard