Re: [kitten] Fw: New Version Notification for draft-mills-kitten-sasl-oauth-02

Nico Williams <nico@cryptonector.com> Fri, 08 April 2011 19:19 UTC

Date: Fri, 08 Apr 2011 14:20:53 -0500
Message-ID: <BANLkTim+4DD=VMLYm-Mvbfg4RxHgQg6O5g@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: "William J. Mills" <wmills@yahoo-inc.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>, Simon Josefsson <simon@josefsson.org>, Tim Showalter <timshow@yahoo-inc.com>, Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: [kitten] Fw: New Version Notification for draft-mills-kitten-sasl-oauth-02

On Fri, Apr 8, 2011 at 12:31 PM, William J. Mills <wmills@yahoo-inc.com> wrote:
> At the moment I was going with simple.  If multiple types are supported then
> I have to be able to communicate what types of channel binding are accepted,
> which I suppose could go in the WWW-Authenticate header in the discovery
> information.  It's relatively easy to add a variable for the CB type.
> If tls-server-end-point is easier to implement I'm happy to pick that one,
> subject to limiting to a single CB type.

Not caring about CB type is simple.  Checking the CB type is not
simple, particularly since the mechanism can't really know what CB
type is being used.  Yes, RFC5056 says apps should prefix the CB data
with the type name, but that's NOT something that a mechanism should
ever rely on.

> My thought was that if the service is offered over another secure channel
> then OAUTH-SSH could be defined for channel binding to SSH.

The mechanism should not care what type of CB data is being used.  The
mechanism should limit itself to ensuring that the CB data are the
same on the initiator and acceptor sides of a security context
establishment -- that's all the mech should do.

Nico
--
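As an added illustration of the division of labour described in the message above (example code written for this archive page, not code from the draft or from any of its authors): the application builds the RFC 5056-style prefixed channel-binding value, and the mechanism only compares opaque bytes, never interpreting the type. The tls-server-end-point computation follows RFC 5929 section 4.1; the `sig_hash` argument is assumed to have been extracted by the caller from the parsed certificate, and the certificate bytes are a constructed stand-in, not a real DER certificate.

```python
import hashlib
import hmac

# RFC 5929 section 4.1: tls-server-end-point hashes the server's end-entity
# certificate. MD5 and SHA-1 signature hashes are replaced by SHA-256; any
# other hash from the certificate's signatureAlgorithm is used as-is.
_SIG_HASH = {"md5": "sha256", "sha1": "sha256", "sha256": "sha256",
             "sha384": "sha384", "sha512": "sha512"}


def tls_server_end_point(cert_der: bytes, sig_hash: str) -> bytes:
    """CB data for tls-server-end-point. `sig_hash` is the hash of the cert's
    signature algorithm (assumed extracted by the caller; no X.509 parsing here)."""
    algo = _SIG_HASH.get(sig_hash.lower())
    if algo is None:
        raise ValueError(f"unsupported signature hash: {sig_hash}")
    return hashlib.new(algo, cert_der).digest()


def app_channel_binding(cb_type: str, cb_data: bytes) -> bytes:
    """Application side: RFC 5056 recommends prefixing the CB data with the
    type name so values of different types can never collide."""
    return cb_type.encode("ascii") + b":" + cb_data


def mechanism_cb_match(initiator_cb: bytes, acceptor_cb: bytes) -> bool:
    """Mechanism side: the bytes are opaque; the only job is an equality
    check, done in constant time so the comparison leaks nothing."""
    return hmac.compare_digest(initiator_cb, acceptor_cb)


# Constructed sample input standing in for the server certificate bytes
# that both peers see on the TLS channel (not a real DER certificate).
SAMPLE_CERT_DER = b"\x30\x82\x01\x00constructed-sample-certificate-bytes"


def demo() -> dict:
    ep = tls_server_end_point(SAMPLE_CERT_DER, "sha1")
    # Both sides bound to the same channel with the same type: accepted.
    same = mechanism_cb_match(app_channel_binding("tls-server-end-point", ep),
                              app_channel_binding("tls-server-end-point", ep))
    # Sides disagree on CB type (tls-unique vs tls-server-end-point): the
    # mechanism rejects without knowing what either type means.
    tls_unique = bytes(12)  # constructed stand-in for a TLS Finished message
    mixed = mechanism_cb_match(app_channel_binding("tls-unique", tls_unique),
                               app_channel_binding("tls-server-end-point", ep))
    # Client and server see different certificates (an interposed TLS
    # endpoint): the end-point hashes differ, so the context is rejected.
    other_ep = tls_server_end_point(b"different-cert-bytes", "sha256")
    split = mechanism_cb_match(app_channel_binding("tls-server-end-point", ep),
                               app_channel_binding("tls-server-end-point", other_ep))
    return {"same_channel": same, "mixed_types": mixed, "split_channel": split}
```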