IETF Logo Mail Archive

Re: [jose] Signed HTTP Requests @ IETF-104

Bret Jordan <jordan.ietf@gmail.com> Wed, 13 March 2019 05:36 UTC

Return-Path: <jordan.ietf@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A76B130E86 for <jose@ietfa.amsl.com>; Tue, 12 Mar 2019 22:36:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xU6sqResic2n for <jose@ietfa.amsl.com>; Tue, 12 Mar 2019 22:36:25 -0700 (PDT)
Received: from mail-it1-x133.google.com (mail-it1-x133.google.com [IPv6:2607:f8b0:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 982DD12D4E7 for <jose@ietf.org>; Tue, 12 Mar 2019 22:36:25 -0700 (PDT)
Received: by mail-it1-x133.google.com with SMTP id m137so896740ita.0 for <jose@ietf.org>; Tue, 12 Mar 2019 22:36:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=ZPzYIh4KWWw3kLodruqTod8QZSCa9Ww0eYZUDaatLF4=; b=bj1dPxSZtJxRGdON8hUFk+gHxsr2PdZW4QT7r7F95bBfg02Zoy3mED7rVEFJS+goL8 VrrsP9VxoiIddNf+bBNkMs4HjYMJ5y0mPsUzUTZWnvpx5PxJ93uBd1c2tLYJ+UjVMjMt FljO8sQkyPV5rxEmqcFY3O36KGGJg6TzDLPqunY9WymjrZ5tmIZVkgXJrWZXaOObeyyT 06Kj3BjFckSuW4C6/d3gNLLIJM/bjl1cNnXb1kikPMd7XYHZrY7LuM3Wx2KpJvHGwS1R rnzEHqezBjLcxmIDtnRZt+fu8rgDxfgBsitu6RYs8oVnsRVhZ37yLToHav9O0jgjOvqp 3MEg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=ZPzYIh4KWWw3kLodruqTod8QZSCa9Ww0eYZUDaatLF4=; b=CmvpS+oPS/qD74a8KxAieAXQPQi4994r4uYVMGtFT9po/y86Y1uOkXJzwDW8K4FT9e xaMJliJs0ZdAFil5zZjixBEvK8/iB7emIGX9SqvteWNnAlRlnSEtXZJKqWBdEIvrO1YD oF5Uljbo0+xdJUOCobQqzgB73m1dkdChqa+BF+mo1jx1TUGvQ1Ja0wAooFCV95PwWBr/ rGvY9WCkMlxhTzl/6/44stiRGkv6m02JK/3iX1rhHDfIYWhs9ZeVlgvCxa2Pb7j0TtIl ekYzxaAwpTze3LGvOKpiyEZX5t8YP5Q8x12qKN9eQ8yyQAOHJmlDsSRRC4F3wuzw2dHK AbzA==
X-Gm-Message-State: APjAAAXXQpET3RhlwBm6uzJJKSolG0FyRLdqAaOHJtWzkbSwMUYOiUqm 9NbF1RWEaVmN7be4Pr6xLrQ=
X-Google-Smtp-Source: APXvYqzXSII/cQcGSNu8jajq5cb47Gie/9Yl4+Zpkeb9TN2vYah1hX9q5vHbF5PHA/c8ld++B5Jcvw==
X-Received: by 2002:a02:6a0b:: with SMTP id l11mr23370064jac.138.1552455384921; Tue, 12 Mar 2019 22:36:24 -0700 (PDT)
Received: from ?IPv6:2605:a601:a028:986:5894:d16e:7927:b7a4? ([2605:a601:a028:986:5894:d16e:7927:b7a4]) by smtp.gmail.com with ESMTPSA id t5sm4359889ioi.43.2019.03.12.22.36.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 12 Mar 2019 22:36:24 -0700 (PDT)
From: Bret Jordan <jordan.ietf@gmail.com>
Message-Id: <05237AAD-FB1F-4A06-A2BF-D4020B1F2799@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4C183FC3-9085-4530-ACF5-5233D1CE39F4"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Tue, 12 Mar 2019 23:36:20 -0600
In-Reply-To: <194bf99a-d5aa-d342-d110-3d66daf50d6e@gmail.com>
Cc: Anthony Nadalin <tonynad@microsoft.com>, "jose@ietf.org" <jose@ietf.org>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
References: <3afd27b3-c095-3188-89d3-58d8be177c5e@gmail.com> <DM5PR00MB0391CF9D87A9CE6F9CC36FF0A64A0@DM5PR00MB0391.namprd00.prod.outlook.com> <194bf99a-d5aa-d342-d110-3d66daf50d6e@gmail.com>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/3lJDnzkFehQczWn_MNDHePh07qI>
Subject: Re: [jose] Signed HTTP Requests @ IETF-104
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2019 05:36:28 -0000

We should for sure setup a side meeting on Wednesday to talk about JCS.  That would be good.  We could also talk a bit after the HotRFC session. 


Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

> On Mar 12, 2019, at 11:03 PM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
> On 2019-03-13 04:46, Anthony Nadalin wrote:
>> I'm not sure why you say that FAPI is rolling it's own as we are not, please explain
> 
> I was referring to this part of FAPI/OpenID:
> https://openid.net/specs/openid-financial-api-part-2.html#introduction-3
> 
> Is that a proposed standard?  It claims to be RESTFul but does not deal with HTTP Method and URI which are fundamental parts of REST.
> 
> In addition, one of the major interested parties behind FAPI, Open Banking in the UK, have selected another method (https://tools.ietf.org/html/draft-rundgren-signed-http-requests-00#appendix-B.3), while other players in this field including French banks and the Berlin group are betting on: https://tools.ietf.org/html/draft-cavage-http-signatures-10
> 
> This is the motivation behind this work.  If you are in Prague, maybe we can talk about this?
> 
> regards,
> Anders
> 
> 
>> -----Original Message-----
>> From: jose <jose-bounces@ietf.org> On Behalf Of Anders Rundgren
>> Sent: Monday, March 11, 2019 8:57 AM
>> To: jose@ietf.org
>> Subject: [jose] Signed HTTP Requests @ IETF-104
>> I will be there Saturday evening - Thursday 13.00 in case you are interested in this topic.
>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-rundgren-signed-http-requests-00&amp;data=02%7C01%7Ctonynad%40microsoft.com%7Ccdd16fdc2e264a6868ac08d6a63a4098%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636879166457446453&amp;sdata=gXhXwQOm0vwPvXbQUQj%2FwD3%2FrsDU%2BB95SF6CjfR80CA%3D&amp;reserved=0
>> 4 minute "lightning" talk: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcyberphone.github.io%2Fietf-signed-http-requests%2Fhotrfc-shreq.pdf&amp;data=02%7C01%7Ctonynad%40microsoft.com%7Ccdd16fdc2e264a6868ac08d6a63a4098%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636879166457446453&amp;sdata=Al4bQN9BkM8ESKwqIZD6q1ZeQhYc5PrlXDR7vuRy6JQ%3D&amp;reserved=0
>> On-line "laboratory":
>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmobilepki.org%2Fshreq%2Fhome&amp;data=02%7C01%7Ctonynad%40microsoft.com%7Ccdd16fdc2e264a6868ac08d6a63a4098%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636879166457446453&amp;sdata=bLjKK%2FcGsB54%2B%2FVbbQQDrrgxdCooQp0%2BfJDBBsRIg8M%3D&amp;reserved=0
>> thanx,
>> Anders
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fjose&amp;data=02%7C01%7Ctonynad%40microsoft.com%7Ccdd16fdc2e264a6868ac08d6a63a4098%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636879166457446453&amp;sdata=Ah7rSZOWkkeTs%2Byi76vkqK1O5iN%2FckkCRoGvtsUDWYc%3D&amp;reserved=0
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email