Re: [http-state] [apps-discuss] HTTP MAC Authentication Scheme

Tim <tim-projects@sentinelchicken.org> Thu, 09 June 2011 14:30 UTC

Return-Path: <tim-projects@sentinelchicken.org>
X-Original-To: http-state@ietfa.amsl.com
Delivered-To: http-state@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1033111E80BA for <http-state@ietfa.amsl.com>; Thu, 9 Jun 2011 07:30:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.456
X-Spam-Level:
X-Spam-Status: No, score=-3.456 tagged_above=-999 required=5 tests=[AWL=-1.191, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FBaE1qJudgNk for <http-state@ietfa.amsl.com>; Thu, 9 Jun 2011 07:30:05 -0700 (PDT)
Received: from sentinelchicken.org (mail.sentinelchicken.org [69.168.48.72]) by ietfa.amsl.com (Postfix) with ESMTP id 413C811E8081 for <http-state@ietf.org>; Thu, 9 Jun 2011 07:30:04 -0700 (PDT)
Received: (qmail 24241 invoked from network); 9 Jun 2011 14:30:01 -0000
Received: from unknown (HELO pascal.sentinelchicken.org) (10.81.64.2) by feynman.sentinelchicken.org with ESMTPS (DHE-RSA-AES256-SHA encrypted); 9 Jun 2011 14:30:01 -0000
Received: (qmail 19446 invoked from network); 9 Jun 2011 14:31:11 -0000
Received: from shannon.sentinelchicken.org (10.81.64.4) by pascal.sentinelchicken.org with SMTP; 9 Jun 2011 14:31:11 -0000
Received: (nullmailer pid 28089 invoked by uid 1000); Thu, 09 Jun 2011 14:30:00 -0000
Date: Thu, 09 Jun 2011 07:30:00 -0700
From: Tim <tim-projects@sentinelchicken.org>
To: "Paul E. Jones" <paulej@packetizer.com>
Message-ID: <20110609143000.GQ1565@sentinelchicken.org>
References: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <BANLkTikpQNyQdr9oWHhtJ7a7d-4ri0CNdA@mail.gmail.com> <09c801cc24c2$a05bae00$e1130a00$@packetizer.com> <BANLkTin30NVzYVV1m4gmyh42DWs-nSQpAg@mail.gmail.com> <00f101cc255e$2d426020$87c72060$@packetizer.com> <BANLkTimn8c72p5bjwHNapW9kVCVBmNbC4w@mail.gmail.com> <015801cc25ab$063a2150$12ae63f0$@packetizer.com> <20110608153225.GL1565@sentinelchicken.org> <02d101cc2663$eceb6790$c6c236b0$@packetizer.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <02d101cc2663$eceb6790$c6c236b0$@packetizer.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Mailman-Approved-At: Fri, 10 Jun 2011 08:04:16 -0700
Cc: 'OAuth WG' <oauth@ietf.org>, 'HTTP Working Group' <ietf-http-wg@w3.org>, apps-discuss@ietf.org, http-state@ietf.org
Subject: Re: [http-state] [apps-discuss] HTTP MAC Authentication Scheme
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jun 2011 14:30:07 -0000

> You are referring to draft-salgueiro-secure-state-management-04?
>
> In that document, Section 6 covers responses from the server.  The server
> may hash any part of the message it wishes, including the body and selected
> headers.  It's possible to also have an empty body, and including that in the
> hash will ensure that no body is inserted where one shouldn't have been.


No, throughout this discussion I'm just looking at:
  http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token

Does this tie in to the secure state management draft?  If so, can you
point me to the section in the MAC draft so I can get up to speed?

> We've not looked at HTTP Digest and we were not targeting OAuth with our
> document.  Just so that I'm looking at the right "HTTP Digest" text, can you
> tell me the document name?  I found several when I did a search.

Just the (latest?) RFC:
  http://www.ietf.org/rfc/rfc2617.txt

thanks,
tim
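
[Added example, not part of this thread or of either draft.]  The quoted
point above (hash the body, even an empty one, plus the headers the server
chooses to cover) can be shown with a small HMAC over a response.  The
canonical layout below, the key, the header names and the sample response
are all constructed for illustration; they are not the canonicalization of
draft-salgueiro-secure-state-management or of the MAC token draft.

```python
import hashlib
import hmac

# Constructed shared secret for the example; not from either draft.
KEY = b"example-shared-secret"


def canonical_response(status, headers, covered, body):
    """Build the byte string the MAC is computed over.

    status  : HTTP status code
    headers : dict of response headers (any case)
    covered : ordered list of header names the sender chose to protect
    body    : response body as bytes; b"" for an empty body

    The body is represented by its SHA-256 digest. An empty body still
    contributes a digest line, so a body inserted after signing changes
    the canonical string and therefore the MAC. The covered header names
    are part of the string too, so the list itself cannot be shortened
    without changing the MAC.
    """
    folded = {k.lower(): v for k, v in headers.items()}
    lines = [f"status:{status}"]
    for name in covered:
        lines.append(f"{name.lower()}:{folded.get(name.lower(), '')}")
    lines.append("body-sha256:" + hashlib.sha256(body).hexdigest())
    return ("\n".join(lines) + "\n").encode()


def sign_response(key, status, headers, covered, body):
    """HMAC-SHA256 over the canonical response, hex encoded."""
    return hmac.new(key, canonical_response(status, headers, covered, body),
                    hashlib.sha256).hexdigest()


def verify_response(key, status, headers, covered, body, mac):
    """Recompute the MAC and compare in constant time."""
    expected = sign_response(key, status, headers, covered, body)
    return hmac.compare_digest(expected, mac)


def demo():
    """Sign a 204 with an empty body, then try two modifications.

    Returns (untouched_ok, body_injected_ok, uncovered_header_changed_ok).
    """
    covered = ["Content-Type", "Set-Cookie"]
    headers = {"Content-Type": "text/plain",   # constructed sample response
               "Set-Cookie": "sid=abc123",
               "Server": "example"}
    mac = sign_response(KEY, 204, headers, covered, b"")

    untouched = verify_response(KEY, 204, headers, covered, b"", mac)

    # An intermediary injects a body: the empty-body digest no longer matches.
    body_injected = verify_response(KEY, 204, headers, covered,
                                    b"injected content", mac)

    # A header outside the covered list is changed: the MAC cannot see it.
    tampered = dict(headers, Server="evil")
    uncovered_changed = verify_response(KEY, 204, tampered, covered, b"", mac)

    return untouched, body_injected, uncovered_changed


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The third result is the caveat a deployer should keep in mind: only the
headers the server names are protected, so anything the client relies on
(cookies, redirects, cache directives) has to be in the covered list, and
the list has to be transmitted with the MAC so the client knows what to
recompute.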