Re: [Ietf-http-auth] Re: [dix] Notes on Web authentication enhancements

Sam Hartman <hartmans-ietf@mit.edu> Thu, 06 July 2006 22:31 UTC

From: Sam Hartman <hartmans-ietf@mit.edu>
To: EKR <ekr@networkresonance.com>
Subject: Re: [Ietf-http-auth] Re: [dix] Notes on Web authentication enhancements
References: <20060619220742.40B85222427@laser.networkresonance.com> <tsl3bdoiq9g.fsf@cz.mit.edu> <86mzbqbwjm.fsf@raman.networkresonance.com> <tslk66qa6wi.fsf@cz.mit.edu> <86k66qwmzo.fsf@raman.networkresonance.com> <tslveqa8o1d.fsf@cz.mit.edu> <86sllev1b0.fsf@raman.networkresonance.com>
Date: Thu, 06 Jul 2006 18:31:21 -0400
In-Reply-To: <86sllev1b0.fsf@raman.networkresonance.com> (Eric Rescorla's message of "Thu, 06 Jul 2006 15:03:15 -0700")
Message-ID: <tslirma74cm.fsf@cz.mit.edu>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: Digital Identity Exchange <dix@ietf.org>, ietf-http-auth@lists.osafoundation.org

>>>>> "Eric" == Eric Rescorla <ekr@networkresonance.com> writes:

    Eric> Sam Hartman <hartmans-ietf@mit.edu> writes:
    >>>>>>> "Eric" == Eric Rescorla <ekr@networkresonance.com> writes:
    >>
    Eric> Sorry, I don't see what you're getting at. PwdHash is
    Eric> specified to use the domain name of the server as the hash
    Eric> salt. RFC 2818 requires that that domain name match the
    Eric> server's certificate. There's nothing additional required.
    >>  The additional thing is that the specification of pwdhash uses
    >> the same naming for servers that tls does and that as pwdhash
    >> is used, it derives the name of the server it is contacting
    >> from the same place as TLS (the URI).

    Eric> Yes, I agree that this is necessary. I don't agree that it's
    Eric> "additional". It's a basic part of any design that aims to
    Eric> preserve referential integrity, which is why TLS and PwdHash
    Eric> both do it.

OK.  It was not obvious in your definition of CRA that you meant this.



I think my major conclusion from WEA so far is that reasonably
intelligent people who have been thinking about these problems for
years still find it difficult to agree on common vocabulary.
Requirements and solutions are harder.


_______________________________________________
dix mailing list
dix@ietf.org
https://www1.ietf.org/mailman/listinfo/dix
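The point the two of them converge on above is that a PwdHash-style scheme only preserves referential integrity if the name it salts with is the very name TLS checks against the certificate, and both are taken from the same place (the URI). The following is an added example illustrating that binding; it is not code from the thread, from PwdHash, or from any IETF draft. Its assumptions: the salt is the URI hostname (real PwdHash uses a domain derived from the URI and a different hash construction; the HMAC-SHA256-then-base64 derivation here is illustrative), the certificate's dNSName entries are supplied as a constructed list, and the master password and URIs are made-up inputs.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import urlsplit


def server_name_from_uri(uri: str) -> str:
    """The one place both TLS and the password derivation take the server name from.

    Only https URIs are accepted: without TLS there is nothing binding the
    name to the peer, so a derived password would go to whoever answers.
    """
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("need an https URI with a host")
    # Hostnames are case-insensitive; a trailing dot is the same name.
    return parts.hostname.lower().rstrip(".")


def site_password(master: str, server_name: str) -> str:
    """Illustrative per-site password: HMAC(master, server_name), truncated.

    Not PwdHash's actual construction; the property that matters here is that
    the output depends on server_name, so a lookalike host gets a different
    (and, at the real site, useless) password.
    """
    mac = hmac.new(master.encode("utf-8"), server_name.encode("utf-8"),
                   hashlib.sha256).digest()
    return base64.b64encode(mac)[:16].decode("ascii")


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 2818 section 3.1 matching: '*' matches within a single label only,
    so *.a.com matches foo.a.com but not bar.foo.a.com, and f*.com matches
    foo.com but not bar.com."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False
    for p, h in zip(p_labels, h_labels):
        if "*" in p:
            regex = re.escape(p).replace(r"\*", "[^.]*")
            if not re.fullmatch(regex, h):
                return False
        elif p != h:
            return False
    return True


def cert_matches_server_name(cert_dns_names, server_name: str) -> bool:
    """The RFC 2818 check: some dNSName in the certificate must match the
    name the client was trying to reach."""
    return any(dns_name_matches(n, server_name) for n in cert_dns_names)


def login(uri: str, master: str, cert_dns_names) -> str:
    """Derive the name once from the URI and use it for both the certificate
    check and the salt. If the certificate does not match that name, no
    password is derived at all."""
    name = server_name_from_uri(uri)
    if not cert_matches_server_name(cert_dns_names, name):
        raise ValueError(f"certificate does not match {name}")
    return site_password(master, name)


if __name__ == "__main__":
    # Constructed inputs for illustration only.
    master = "correct horse battery staple"
    real_cert = ["www.example.com", "example.com"]
    lookalike_cert = ["www.examp1e.com"]  # a valid cert for the phisher's own name

    real = login("https://www.example.com/login", master, real_cert)
    phish = login("https://www.examp1e.com/login", master, lookalike_cert)
    print("real site password:    ", real)
    print("lookalike site password:", phish, "(differs; useless at example.com)")
```

The check and the salt share one input, `server_name_from_uri`, so there is no second naming convention for an attacker to exploit a mismatch in: a site that can present a certificate for its name gets a password bound to that name and nothing else.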