Skip to main content

The 'Basic' HTTP Authentication Scheme
draft-ietf-httpauth-basicauth-update-07

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    httpauth mailing list <http-auth@ietf.org>,
    httpauth chair <httpauth-chairs@tools.ietf.org>
Subject: Protocol Action: 'The 'Basic' HTTP Authentication Scheme' to Proposed Standard (draft-ietf-httpauth-basicauth-update-07.txt)

The IESG has approved the following document:
- 'The 'Basic' HTTP Authentication Scheme'
  (draft-ietf-httpauth-basicauth-update-07.txt) as Proposed Standard

This document is the product of the Hypertext Transfer Protocol
Authentication Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-httpauth-basicauth-update/


Ballot Text

Technical Summary

   This document defines the "Basic" Hypertext Transfer Protocol (HTTP)
   Authentication Scheme, which transmits credentials as userid/password
   pairs, Base64 encoded. The "Basic" scheme previously was defined in
   Section 2 of [RFC2617].  This document updates the definition, and also
   addresses internationalization issues by introducing the "charset"
   authentication parameter (Section 2.1).
   This version details all of the known security issues and explicitly
   discourages it's use when a more secure type of authentication
   should be used.

Working Group Summary

   This document is part of a set of documents that includes HTTP Digest
   and RFC7235 to collectively obsolete RFC 2617.  As such, this draft
   describes existing practice, with an update to add support for 
   internationalization:
    o A new charset parameter with UTF-8 as the only valid value.
    o A normative reference to the precis draft for valid characters.
    o Appendix B with deployment considerations for co-existing with
      legacy implementations.
   
   With version -07 it is the consensus of the HTTP-Auth working group 
   that this document is fit to be published as a standards-track RFC.

Document Quality

   There are a few implementations of this specification, and they have 
   been tested and shown to interoperate with the large install base of 
   web browsers and web servers.

Personnel

   Kathleen Moriarty is the responsible Area Director.
   Yoav Nir is the document shepherd.

IANA Note

    IANA maintains the registry of HTTP Authentication Schemes
    ([RFC7235]) at <http://www.iana.org/assignments/http-authschemes>
    and the entry for the "Basic" Authentication Scheme is to be updated with
    a pointer to this specification.

RFC Editor Note