Re: [http-state] [apps-discuss] HTTP MAC Authentication Scheme

Nico Williams <nico@cryptonector.com> Wed, 08 June 2011 14:54 UTC

Date: Wed, 08 Jun 2011 09:54:34 -0500
Message-ID: <BANLkTimsKgozsADnA1+yccvKmg1Pa2mPng@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: "Paul E. Jones" <paulej@packetizer.com>
Cc: apps-discuss@ietf.org, Ben Adida <ben@adida.net>, Eran Hammer-Lahav <eran@hueniverse.com>, Adam Barth <adam@adambarth.com>, http-state@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>, Nico Williams <nico@cryptonector.com>, OAuth WG <oauth@ietf.org>
Subject: Re: [http-state] [apps-discuss] HTTP MAC Authentication Scheme

On Jun 8, 2011 2:09 AM, "Paul E. Jones" <paulej@packetizer.com> wrote:
>
> Nico,
>
> Cookies would still be employed.  A cookie would be used to identify the
> particular user, for example.  However, it's important to make sure that the
> cookie provided by the client to the server is not stolen.  It's important
> to ensure that the client provided by the server to the client is not
> modified.  That's the reason for the MAC.  Once we can ensure the integrity
> of the message exchange, then the existing cookie mechanism can provide us
> with the secure state management capability we need.

You're still not addressing the issues raised.

Nico