Re: [kitten] Small question about token in draft-schmaus-kitten-sasl-ht-09
Florian Schmaus <flow@cs.fau.de> Fri, 13 January 2023 18:16 UTC
Return-Path: <flow@cs.fau.de>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E93F4C152711 for <kitten@ietfa.amsl.com>; Fri, 13 Jan 2023 10:16:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.897
X-Spam-Level:
X-Spam-Status: No, score=-6.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QEFP6kpcZcuu for <kitten@ietfa.amsl.com>; Fri, 13 Jan 2023 10:16:37 -0800 (PST)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E09E7C1524A6 for <kitten@ietf.org>; Fri, 13 Jan 2023 10:16:36 -0800 (PST)
Received: from [192.168.188.10] (55d4d77c.access.ecotel.net [85.212.215.124]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: flow) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTPSA id 4NtqP93DHmznkdj; Fri, 13 Jan 2023 19:16:29 +0100 (CET)
Message-ID: <90f72d58-78b4-b2f9-52d0-60a8036db9af@cs.fau.de>
Date: Fri, 13 Jan 2023 19:16:28 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0
Content-Language: en-US
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>, Christoph Egger <egger@cs.fau.de>
References: <e6f1e531-16a4-08d5-d947-b80484bc4969@isode.com>
From: Florian Schmaus <flow@cs.fau.de>
In-Reply-To: <e6f1e531-16a4-08d5-d947-b80484bc4969@isode.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/1VtOTXo0WQM4rf1G_xcAZTLmS9A>
Subject: Re: [kitten] Small question about token in draft-schmaus-kitten-sasl-ht-09
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jan 2023 18:19:00 -0000
On 13/01/2023 18.29, Alexey Melnikov wrote:> I am reading the description of token in your draft: > > HMAC() is the function defined in [RFC2104] with H being the selected > HT hash algorithm, 'cb-data' represents the data provided by the > selected channel binding type, and 'token' are the UTF-8 encoded > octets of the SASL-HT token string which acts as a shared secret > between initiator and responder. > > This made me wonder why is the token defined as UTF-8 string and not just as binary data? Out of convenience because the accompanying XEP would return the token as String [1]. Of course, we could have the XEP return base64 encoded binary data, but this appears like an additional hoop in the XEP. But now we have the hoop in the I-D, so one could say the it just switched places. What also contributed to this design decision is that I prefer tokens to be strings (potentially even restricted to [A-Za-z0-9-]). Simply because it makes handling and debugging easier compared to arbitrary binary blobs. But that may be just my personal preference and I like to hear other opinions too. - Flow 1: XEP-0397 § 4, https://xmpp.org/extensions/xep-0397.html#obtain)
- [kitten] Small question about token in draft-schm… Alexey Melnikov
- Re: [kitten] Small question about token in draft-… Florian Schmaus