IETF Logo Mail Archive

Re: [httpauth] Mutual authentication proposal

Yutaka OIWA <y.oiwa@aist.go.jp> Wed, 13 June 2012 03:51 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0807A11E8098 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 12 Jun 2012 20:51:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.977
X-Spam-Level:
X-Spam-Status: No, score=-7.977 tagged_above=-999 required=5 tests=[AWL=2.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xq0MabQ5HRhN for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 12 Jun 2012 20:51:42 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 535FA11E808D for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 12 Jun 2012 20:51:42 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.69) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1Seebh-0000bu-If for ietf-http-wg-dist@listhub.w3.org; Wed, 13 Jun 2012 03:50:57 +0000
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.69) (envelope-from <y.oiwa@aist.go.jp>) id 1SeebV-0000b3-6s for ietf-http-wg@listhub.w3.org; Wed, 13 Jun 2012 03:50:45 +0000
Received: from na3sys010aog101.obsmtp.com ([74.125.245.70]) by lisa.w3.org with smtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <y.oiwa@aist.go.jp>) id 1SeebS-0008PV-2g for ietf-http-wg@w3.org; Wed, 13 Jun 2012 03:50:43 +0000
Received: from mail-pb0-f50.google.com ([209.85.160.50]) (using TLSv1) by na3sys010aob101.postini.com ([74.125.244.12]) with SMTP ID DSNKT9gN/BcVCVa8v7P7BgKZAJ6uQ/ThilYL@postini.com; Tue, 12 Jun 2012 20:50:41 PDT
Received: by pbbrr4 with SMTP id rr4so1551108pbb.9 for <ietf-http-wg@w3.org>; Tue, 12 Jun 2012 20:50:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aist.go.jp; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; bh=MEC4uXzZQBLutmbzy3+eU4U/3AZX59Be7hIg3J4o+QI=; b=PxYALCTTuUoMhulHRTJ4l9JvVIp4B+VLIBOTog44Hi/5/Bvw2bLvc2nRKDrIiv9005 /tHbgpEVhrptNElvXFAquC1F+qJZDObdkjc3wIKkYF7QBqDoubQhTiBN1Qzu4/y/m8p5 447BLC/jnQ6yzuI9LKUU5jgWaMxT94JOLpQQI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding:x-gm-message-state; bh=MEC4uXzZQBLutmbzy3+eU4U/3AZX59Be7hIg3J4o+QI=; b=inwDsRD1D9xOcS3B/OEZP0e/ku0L4eiiia6/Fp1SrQim8GRL82tdf0Y7c79HpyZByI dj5SG1TbrKv48lwM963yRxwxs9VPr0dU0RJeGBfWiyN5voTpApEiDn8/rFa+ZDzA72Tt nxR71RYuHy7aDsp1fkjxytZzKWDxPLGlsUwz5VyZnXiZKrA8mqavG54B1RMnWH8P2V+E bbm0YMvYzJoj3A/15Qf0WnLF3+LlqgHKlnIYjPqvr+Rv0EECQllDbWxs2CvN+Q5O0IJ3 38tsL1XisdHMUwVP7M+PX8fWIdKPBhNWawOJI0a+b8OKmuwdhZxDMvA4xEKZHCL1t189 Cjyw==
Received: by 10.68.225.201 with SMTP id rm9mr45879447pbc.71.1339559419522; Tue, 12 Jun 2012 20:50:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.66.254.42 with HTTP; Tue, 12 Jun 2012 20:49:59 -0700 (PDT)
In-Reply-To: <CAMeZVwvgsMdY_EMyODzTAbZrWxp=GQpj_y=mLOZoyOx24-XevQ@mail.gmail.com>
References: <CAMeZVwuGYZqoZOH1hvc=-YWFKUizjMJmj+=c3ZkgswdYYP3pxw@mail.gmail.com> <CAMeZVwvgsMdY_EMyODzTAbZrWxp=GQpj_y=mLOZoyOx24-XevQ@mail.gmail.com>
From: Yutaka OIWA <y.oiwa@aist.go.jp>
Date: Wed, 13 Jun 2012 12:49:59 +0900
Message-ID: <CAMeZVwsUmBVDYduXh06gy-FzBiyyP=B=HRvWFYkaZ5xtxqMr9Q@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>, "http-auth@ietf.org" <http-auth@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQnxoQEzjMbKYtPNnuJ57Cpf5eCkg2IcoKmo7DlEUTkAmETBmL0okyBjr2aEWo0MarGlJdWu
Received-SPF: pass client-ip=74.125.245.70; envelope-from=y.oiwa@aist.go.jp; helo=na3sys010aog101.obsmtp.com
X-W3C-Hub-Spam-Status: No, score=-4.3
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1SeebS-0008PV-2g 8b7c0fbe075ff566900e27e4f48c6c73
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [httpauth] Mutual authentication proposal
Archived-At: <http://www.w3.org/mid/CAMeZVwsUmBVDYduXh06gy-FzBiyyP=B=HRvWFYkaZ5xtxqMr9Q@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/13769
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Resent-Message-Id: <E1Seebh-0000bu-If@frink.w3.org>
Resent-Date: Wed, 13 Jun 2012 03:50:57 +0000

I put some document about some design decisions of
our protocol on the wiki.

It is available from
http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals/MutualAuth/LayeringDesigns

Hope this will help you understanding how the things work.

2012/6/5 Yutaka OIWA <y.oiwa@aist.go.jp>:
> Dear all,
>
> I created Wiki pages for my proposals:
>
> http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals/MutualAuth
> http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals/AuthExtension
>
> I hope you will feel the information helpful.
>
> Cheers,
>
> Yutaka
>
> 2012/6/4 Yutaka OIWA <y.oiwa@aist.go.jp>:
>> Dear all,
>>
>> with a few corrections from the May-21st draft,
>> I submitted the HTTP Mutual authentication draft as an httpbis proposal.
>>
>> The proposal consists of two parts:
>>
>> <http://www.ietf.org/id/draft-oiwa-httpbis-mutualauth-00.txt>
>> is the core proposal for HTTP Mutual authentication,
>> using RFC 2617 architecture.
>>
>> <http://www.ietf.org/id/draft-oiwa-httpbis-auth-extension-00.txt>
>> is the important companion draft for generic extensions
>> which makes HTTP authentication useful again with
>> many Web applications.
>>
>> The proposal is (both documents are) HTTP/1.1 compatible, and
>> as far as core HTTP request/response semantics are kept,
>> it should work with future HTTP/2.0, too.
>>
>> I will set up wiki pages for these around tomorrow or so.
>> It will include information on available reference implementations,
>> some more introductions and so on.
>> I hope you will enjoy the proposed solution.
>>
>> Following previous suggestions on http-auth, crypto primitive choices
>> are kept for future discussions.  One of primitive candidates,
>> which is now for an "example" or "reference" purpose,
>> is available as an "individual" draft at
>> <http://tools.ietf.org/html/draft-oiwa-http-mutualauth-algo-02>.
>> To implement the core proposal now, please refer this, too.
>>
>>
>> P. S.
>> I also incremented the individual draft revisions for book-keeping purpose.
>> (One of these depends on the revision numbers embedded to the protocol).
>> Contents of these are exactly the same as httpbis-proposed versions.
>>
>> --
>> Yutaka OIWA, Ph.D.              Leader, Software Reliability Research Group
>>                              Research Institute for Secure Systems (RISEC)
>>    National Institute of Advanced Industrial Science and Technology (AIST)
>>                      Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
>> OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]
>
>
>
> --
> Yutaka OIWA, Ph.D.              Leader, Software Reliability Research Group
>                              Research Institute for Secure Systems (RISEC)
>    National Institute of Advanced Industrial Science and Technology (AIST)
>                      Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
> OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]



-- 
Yutaka OIWA, Ph.D.              Leader, Software Reliability Research Group
                             Research Institute for Secure Systems (RISEC)
   National Institute of Advanced Industrial Science and Technology (AIST)
                     Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]

v2.23.0 | Report a Bug | By Email