Re: [apps-discuss] HTTP MAC Authentication Scheme

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 03 June 2011 12:26 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2180E0714; Fri, 3 Jun 2011 05:26:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QpMnUKF7BM61; Fri, 3 Jun 2011 05:26:59 -0700 (PDT)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [134.226.32.56]) by ietfa.amsl.com (Postfix) with ESMTP id B4A26E06D3; Fri, 3 Jun 2011 05:26:56 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 49D41171C30; Fri, 3 Jun 2011 13:26:55 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1307104014; bh=Q+JdJI1kXBA9eH 9b6Y2qCB0QRbUR9H7RHhiWCvjUFeo=; b=N1PKaHRptFYeLUajLdGdur0Ld5LqE0 HDQhAvu/rkDmIz/pMpxIsn/xp0YhfCrvAtZDQ3Ckz4pe0PGUSRB/b4TyISIpNk5L Ut6/1asppg+oA4/BTDaK78mO9wd+TvhUXp45fQ5C764h2n3xdmNcKfbnZbap8KtZ w03WP+l5n27LTfv+KLoMWQh5V4zDTyrv1FUqQCAf2rucEmDlcg4DiDs1ALGWn4Cf 9Eqqh8HCNRD5t6jl9vTvgXxHrLf4RKyiJMqyuocfjGBvW2eHosPx7zAymzl94dZP cLIcOHy7dXl/cfTDl5J6kf4W2VdZayPXy0jVKKodwzKxu9IK0tMPlWEQ==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id bBe2TUES7iDn; Fri, 3 Jun 2011 13:26:54 +0100 (IST)
Received: from [134.226.36.137] (stephen-samy.dsg.cs.tcd.ie [134.226.36.137]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 74227171C2E; Fri, 3 Jun 2011 13:26:51 +0100 (IST)
Message-ID: <4DE8D2F4.1050103@cs.tcd.ie>
Date: Fri, 03 Jun 2011 13:26:28 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: dcrocker@bbiw.net
References: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <EF1DF135-708B-4244-AA3A-020761EDB290@mnot.net> <4DE62D93.7040009@cs.tcd.ie> <4DE7FDA7.8030300@dcrocker.net>
In-Reply-To: <4DE7FDA7.8030300@dcrocker.net>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: OAuth WG <oauth@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "http-state@ietf.org" <http-state@ietf.org>
Subject: Re: [apps-discuss] HTTP MAC Authentication Scheme
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jun 2011 12:26:59 -0000

Hi Dave,

On 02/06/11 22:16, Dave CROCKER wrote:
> Stephen,
> 
> On 6/1/2011 5:16 AM, Stephen Farrell wrote:
>> Just on DOSETA - that's not currently got any official
>> home in the IETF so its not something that would be right
>> to reference at this point (unless the oauth WG wanted to
>> adopt DOSETA but I'd be very surprised if that were the
>> case for timing reasons).
> 
> I'm confused on two counts.  (To be honest, of course, I'm confused
> about many points, but two of them are relevant to this thread...)
> 
> One, of course, is that I've been actively raising DOSETA in various
> IETF venues for the different groups to considering adopting and/or
> adapting it.  As such, discussion of DOSETA permits exploring the
> possibility of adoption and/or adaptation.

I don't get the confusion aspect there, but the rest below
might clarify.

> The second is that you appear to be stating a policy that a working
> group is only permitted to reference things which are currently and
> officially IETF work items.  I suspect that that is not what you meant,
> so at the least, please clarify what you do mean.

Right. I wasn't stating any general policy.

What I meant was that the oauth WG needs to get oauth2.0 done
and that seems to require also getting the mac scheme done, so
adding a dependency to something at an early stage of development
(like DOSETA) at this point would not be a good plan for oauth.
That's all. Exploring  whether DOSETA or something similar is
useful is a fine thing to do, its just a bit early for oauth.

> If you really do mean anything like the interpretation I just
> summarized, please explain its basis.
> 
>> To be clear, as an individual, I do think that "something
>> like DOSETA" is a really good idea and maybe DOSETA will
>> turn out to be that something, I don't know.
> 
> If it is not acceptable to 'reference' DOSETA now and here, then how
> will the determination of its utility be made?

Following our usual highly-predictable process I guess;-)

I assume that the next step would be for a bunch of interested
folks to figure out where and when it might make sense to do
more on DOSETA.

S.

> 
> 
> Thanks.
> 
> d/
>