Re: [apps-discuss] HTTP MAC Authentication Scheme

Dave CROCKER <> Thu, 02 June 2011 21:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 528C1E08BD; Thu, 2 Jun 2011 14:16:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.574
X-Spam-Status: No, score=-6.574 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SRyOR0rfJk53; Thu, 2 Jun 2011 14:16:43 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id A98F1E06FC; Thu, 2 Jun 2011 14:16:43 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.13.8/8.13.8) with ESMTP id p52LGW9q002436 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Thu, 2 Jun 2011 14:16:38 -0700
Message-ID: <>
Date: Thu, 02 Jun 2011 14:16:23 -0700
From: Dave CROCKER <>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv: Gecko/20110414 Thunderbird/3.1.10
MIME-Version: 1.0
To: Stephen Farrell <>
References: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 ( []); Thu, 02 Jun 2011 14:16:39 -0700 (PDT)
Cc: OAuth WG <>, HTTP Working Group <>, "" <>, "" <>
Subject: Re: [apps-discuss] HTTP MAC Authentication Scheme
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 Jun 2011 21:16:44 -0000


On 6/1/2011 5:16 AM, Stephen Farrell wrote:
> Just on DOSETA - that's not currently got any official
> home in the IETF so its not something that would be right
> to reference at this point (unless the oauth WG wanted to
> adopt DOSETA but I'd be very surprised if that were the
> case for timing reasons).

I'm confused on two counts.  (To be honest, of course, I'm confused about many 
points, but two of them are relevant to this thread...)

One, of course, is that I've been actively raising DOSETA in various IETF venues 
for the different groups to considering adopting and/or adapting it.  As such, 
discussion of DOSETA permits exploring the possibility of adoption and/or 

The second is that you appear to be stating a policy that a working group is 
only permitted to reference things which are currently and officially IETF work 
items.  I suspect that that is not what you meant, so at the least, please 
clarify what you do mean.

If you really do mean anything like the interpretation I just summarized, please 
explain its basis.

> To be clear, as an individual, I do think that "something
> like DOSETA" is a really good idea and maybe DOSETA will
> turn out to be that something, I don't know.

If it is not acceptable to 'reference' DOSETA now and here, then how will the 
determination of its utility be made?




   Dave Crocker
   Brandenburg InternetWorking