Re: [Ietf-http-auth] Re: [dix] Notes on Web authentication enhancements
Sam Hartman <hartmans-ietf@mit.edu> Thu, 06 July 2006 22:31 UTC
From: Sam Hartman <hartmans-ietf@mit.edu>
To: EKR <ekr@networkresonance.com>
Subject: Re: [Ietf-http-auth] Re: [dix] Notes on Web authentication enhancements
Date: Thu, 06 Jul 2006 18:31:21 -0400
In-Reply-To: <86sllev1b0.fsf@raman.networkresonance.com> (Eric Rescorla's message of "Thu, 06 Jul 2006 15:03:15 -0700")
Message-ID: <tslirma74cm.fsf@cz.mit.edu>
Cc: Digital Identity Exchange <dix@ietf.org>, ietf-http-auth@lists.osafoundation.org
>>>>> "Eric" == Eric Rescorla <ekr@networkresonance.com> writes:

    Eric> Sam Hartman <hartmans-ietf@mit.edu> writes:
    >>>>>>> "Eric" == Eric Rescorla <ekr@networkresonance.com> writes:
    >>
    Eric> Sorry, I don't see what you're getting at. PwdHash is
    Eric> specified to use the domain name of the server as the hash
    Eric> salt. RFC 2818 requires that that domain name match the
    Eric> server's certificate. There's nothing additional required.
    >> The additional thing is that the specification of pwdhash uses
    >> the same naming for servers that tls does and that as pwdhash
    >> is used, it derives the name of the server it is contacting
    >> from the same place as TLS (the URI).

    Eric> Yes, I agree that this is necessary. I don't agree that it's
    Eric> "additional". It's a basic part of any design that aims to
    Eric> preserve referential integrity, which is why TLS and PwdHash
    Eric> both do it.

OK. It was not obvious in your definition of CRA that you meant this.

I think my major conclusion from WEA so far is that reasonably
intelligent people who have been thinking about these problems for
years still find it difficult to agree on common vocabulary.
Requirements and solutions are harder.
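The property both messages agree on, as an added example that is not part of the original post and is not PwdHash's own code: the host taken from the URI is the one name used both as the hash salt and as the reference identity for the RFC 2818 certificate check. The HMAC-SHA-256 construction, the use of the full host as salt, the function names and the sample hosts are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


def host_from_uri(uri):
    """Return the lower-cased host of an https URI. This single value is
    used both as the hash salt and as the RFC 2818 reference identity."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("need an https URI with a host")
    return parts.hostname.lower().rstrip(".")


def site_password(master, uri):
    """Domain-salted derivation. HMAC-SHA-256 is a stand-in chosen for this
    example, not PwdHash's actual algorithm: the password is the key and
    the host from the URI is the salt."""
    host = host_from_uri(uri)
    mac = hmac.new(master.encode(), host.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


def cert_matches(uri, san_dns_names):
    """Simplified RFC 2818 check: compare the URI host with the
    certificate's dNSName entries (exact, or one left-most '*' label)."""
    host = host_from_uri(uri)
    for name in san_dns_names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False


if __name__ == "__main__":
    san = ["login.example.com"]                  # constructed SAN list
    here = "https://login.example.com/signin"    # constructed URIs
    other = "https://login.example.net/signin"
    for uri in (here, other):
        print(host_from_uri(uri), site_password("correct horse", uri),
              "cert ok" if cert_matches(uri, san) else "cert mismatch")
```

Because both functions call `host_from_uri`, the salt and the name checked against the certificate cannot diverge; a design that took them from different places would lose that guarantee.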