[http-auth] (due Oct 26) Mutual-auth issues (part 4)
大岩寛 <y.oiwa@aist.go.jp> Tue, 13 October 2015 09:27 UTC
Return-Path: <y.oiwa@aist.go.jp>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1261E1A701D for <http-auth@ietfa.amsl.com>; Tue, 13 Oct 2015 02:27:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.198
X-Spam-Level: ***
X-Spam-Status: No, score=3.198 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, CHARSET_FARAWAY_HEADER=3.2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G_j_NLtCvs9V for <http-auth@ietfa.amsl.com>; Tue, 13 Oct 2015 02:27:12 -0700 (PDT)
Received: from APC01-PU1-obe.outbound.protection.outlook.com (mail-pu1apc01on0055.outbound.protection.outlook.com [104.47.126.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CEC61A7015 for <http-auth@ietf.org>; Tue, 13 Oct 2015 02:27:12 -0700 (PDT)
Received: from OS1PR01MB0200.jpnprd01.prod.outlook.com (10.161.230.139) by OS1PR01MB0199.jpnprd01.prod.outlook.com (10.161.229.19) with Microsoft SMTP Server (TLS) id 15.1.293.16; Tue, 13 Oct 2015 09:27:08 +0000
Received: from OS1PR01MB0200.jpnprd01.prod.outlook.com ([10.161.230.139]) by OS1PR01MB0200.jpnprd01.prod.outlook.com ([10.161.230.139]) with mapi id 15.01.0293.007; Tue, 13 Oct 2015 09:27:09 +0000
From: 大岩寛 <y.oiwa@aist.go.jp>
To: "http-auth@ietf.org" <http-auth@ietf.org>
Thread-Topic: (due Oct 26) Mutual-auth issues (part 4)
Thread-Index: AdEFmSW6Y4b8yLXgTGmE1i5THFADlQ==
Date: Tue, 13 Oct 2015 09:27:08 +0000
Message-ID: <OS1PR01MB02005C98D3788549349C429BA0300@OS1PR01MB0200.jpnprd01.prod.outlook.com>
Accept-Language: ja-JP, en-US
Content-Language: ja-JP
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=y.oiwa@aist.go.jp;
x-originating-ip: [150.29.149.52]
x-microsoft-exchange-diagnostics: 1; OS1PR01MB0199; 5:EDNVNbdsm45dj0iJz3vRgp9AK4AjPbomBRhHw6YkKc0xtLfnOvaTYDiZJCtBNZOPrWILmi/HFJMV2NmNpJSdOLYUSZtNtRVZ2N5Fh6FP/o506okXxr/Vh7lA6BbJW0IEvzA9q62Cxo9A5SsI/Hzqsg==; 24:T/Eun3ZQB2r2jqkt8jCUvVZlT+M5SZje76zVUyW+v6izCh8JNJgmmN9aiHNOE8lq3M2wtZ+4OQsgm3pmNp6G3wEwE8yJE0bR+rtTEhrVgzU=; 20:+Chs0LWUgiRnAZ5GsLHMczmGd+gZiGJdtNT27yXRa6k+sljSyikywF23neEJgb6XVd/W1u1dkOcVJe7ApG0d0Q==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:OS1PR01MB0199;
x-microsoft-antispam-prvs: <OS1PR01MB019939A8A8A86B3E4F3E947DA0300@OS1PR01MB0199.jpnprd01.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(58186630543729);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(2401047)(5005006)(520078)(8121501046)(3002001); SRVR:OS1PR01MB0199; BCL:0; PCL:0; RULEID:; SRVR:OS1PR01MB0199;
x-forefront-prvs: 07283408BE
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(189002)(199003)(504964003)(5001960100002)(101416001)(189998001)(76576001)(2900100001)(2501003)(92566002)(5004730100002)(19580405001)(19580395003)(54356999)(110136002)(50986999)(15975445007)(5002640100001)(77096005)(450100001)(5003600100002)(46102003)(85182001)(74482002)(40100003)(102836002)(33656002)(107886002)(5008740100001)(105586002)(229853001)(64706001)(122556002)(106356001)(2351001)(81156007)(10400500002)(97736004)(66066001)(86362001)(87936001)(5007970100001)(74316001); DIR:OUT; SFP:1101; SCL:1; SRVR:OS1PR01MB0199; H:OS1PR01MB0200.jpnprd01.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: aist.go.jp does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: aist.go.jp
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Oct 2015 09:27:08.8190 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 18a7fec8-652f-409b-8369-272d9ce80620
X-MS-Exchange-Transport-CrossTenantHeadersStamped: OS1PR01MB0199
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/iLyxFy7burpX_b5xtYfMvR4YchA>
Subject: [http-auth] (due Oct 26) Mutual-auth issues (part 4)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Oct 2015 09:27:15 -0000
Dear all HTTPAUTH WG members, I'd like to have your comments on the following four issues. Please make your initial response *before October 26*, or the WG will consider these issues as successfully resolved (as the WG Chair said in the Prague meeting.) We appreciate your responses in any of the following form: * on the github issue tracking system (comments, pull-request etc.) * on this mailing list * on the private email We'll summarize comments on the medium above, and send it to this mailing list. (Please be understood that your comments on the private email may be included in the summary and published.) ==== draft-ietf-httpauth-mutual ==== (p11): Section 10 Two forms of descriptions are given for client state-machines, requested by feedback comments. We tried to clarify the normative description in the latest draft. Is this satisfactory? https://github.com/yoiwa/httpauth-mutual/issues/11 (p12): Section 12.1: Data Syntax We defined non-ambiguous encoding of multiple string sets in Section 12.1. Are definitions of VI(), VS() satisfactory? https://github.com/yoiwa/httpauth-mutual/issues/12 (p13): Section 16: IANA Considerations Choice of Requirement specification levels for new algorithms. Discussions in IETF 92 proposed "Expert review" level. Is it OK? https://github.com/yoiwa/httpauth-mutual/issues/13 ==== draft-ietf-httpauth-mutual-algo ==== (p14) Iteration counts for "PBKDF2" construction is set to 16384. Is this value reasonable? https://github.com/yoiwa/httpauth-mutual/issues/14 Thank you in advance for your cooperation. -- Yutaka OIWA, Ph.D. Leader, Cyber Physical Architecture Research Group Information Technology Research Institute National Institute of Advanced Industrial Science and Technology (AIST) Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp> OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D 3139 8677 9BD2 4405 46B5]