Re: [kitten] Fw: New Version Notification for draft-mills-kitten-sasl-oauth-02

"William J. Mills" <wmills@yahoo-inc.com> Fri, 08 April 2011 20:23 UTC

Message-ID: <187924.77808.qm@web32314.mail.mud.yahoo.com>
References: <20110408070506.12ECB3A6A4C@core3.amsl.com> <416848.75882.qm__16525.0710481361$1302247955$gmane$org@web32314.mail.mud.yahoo.com> <87hba9b13i.fsf@latte.josefsson.org> <tsl4o684s5q.fsf@mit.edu> <754979.46407.qm@web32303.mail.mud.yahoo.com> <BANLkTim+4DD=VMLYm-Mvbfg4RxHgQg6O5g@mail.gmail.com>
Date: Fri, 08 Apr 2011 13:24:45 -0700
From: "William J. Mills" <wmills@yahoo-inc.com>
To: Nico Williams <nico@cryptonector.com>
In-Reply-To: <BANLkTim+4DD=VMLYm-Mvbfg4RxHgQg6O5g@mail.gmail.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>, Simon Josefsson <simon@josefsson.org>, Tim Showalter <timshow@yahoo-inc.com>, Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: [kitten] Fw: New Version Notification for draft-mills-kitten-sasl-oauth-02

Ah now see... this is exactly why to ask the experts...

> Yes, RFC5056 says apps should prefix the CB data
> with the type name, but that's NOT something that a mechanism should
> ever rely on.

And my life is simpler.  I simply remove any references to being more specific and know that the cbdata is of the format "%s:%s".

Thank you.




________________________________
From: Nico Williams <nico@cryptonector.com>
To: William J. Mills <wmills@yahoo-inc.com>
Cc: Sam Hartman <hartmans-ietf@mit.edu>; Simon Josefsson <simon@josefsson.org>; "kitten@ietf.org" <kitten@ietf.org>; Tim Showalter <timshow@yahoo-inc.com>
Sent: Friday, April 8, 2011 12:20 PM
Subject: Re: [kitten] Fw: New Version Notification for draft-mills-kitten-sasl-oauth-02

On Fri, Apr 8, 2011 at 12:31 PM, William J. Mills <wmills@yahoo-inc.com> wrote:
> At the moment I was going with simple.  If multiple types are supported then
> I have to be able to communicate what types of channel binding are accepted,
> which I suppose could go in the WWW-Authenticate header in the discovery
> information.  It's relatively easy to add a variable for the CB type.
> If tls-server-end-point is easier to implement I'm happy to pick that one,
> subject to limiting to a single CB type.

Not caring about CB type is simple.  Checking the CB type is not
simple, particularly since the mechanism can't really know what CB
type is being used.  Yes, RFC5056 says apps should prefix the CB data
with the type name, but that's NOT something that a mechanism should
ever rely on.

> My thought was that if the service is offered over another secure channel
> then OAUTH-SSH could be defined for channel binding to SSH.

The mechanism should not care what type of CB data is being used.  The
mechanism should limit itself to ensuring that the CB data are the
same on the initiator and acceptor sides of a security context
establishment -- that's all the mech should do.

Nico
--
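The rule stated in the reply above (the mechanism only checks that initiator and acceptor hold identical channel-binding data, treating it as opaque octets and never interpreting the type prefix), written out as an added Python illustration. This is not code from the draft or from either author; the tls-unique values are constructed, and the "type:value" framing follows the "%s:%s" format mentioned in the thread.

```python
import hmac

# Constructed sample values: a tls-unique channel-binding value is the
# first TLS Finished message of the connection (RFC 5929); these 12 bytes
# stand in for one and are NOT taken from any real session.
CLIENT_TLS_UNIQUE = bytes.fromhex("0a1b2c3d4e5f60718293a4b5")
RELAY_TLS_UNIQUE = bytes.fromhex("ffeeddccbbaa998877665544")


def build_cb_data(cb_type: str, cb_value: bytes) -> bytes:
    """Application-layer framing: RFC 5056 asks the application to prefix
    the raw channel-binding value with its type name, which the thread
    renders as "%s:%s". This is the application's job, not the mech's."""
    if not cb_type or ":" in cb_type:
        raise ValueError("channel-binding type must be a non-empty token")
    return cb_type.encode("ascii") + b":" + cb_value


def mech_check_cb(initiator_cb: bytes, acceptor_cb: bytes) -> bool:
    """Mechanism-layer check: treat both buffers as opaque octet strings and
    require byte-for-byte equality (constant-time compare). The mechanism
    never parses the type prefix; it only establishes that both ends bound
    the same channel."""
    return hmac.compare_digest(initiator_cb, acceptor_cb)


def run_cases() -> dict:
    """Exercise the check with constructed inputs; returns outcome per case."""
    # Both ends see the same TLS connection: CB data match.
    same = mech_check_cb(
        build_cb_data("tls-unique", CLIENT_TLS_UNIQUE),
        build_cb_data("tls-unique", CLIENT_TLS_UNIQUE),
    )
    # Client and server terminate TLS on different connections (something
    # relaying in between): the tls-unique values differ, so the check fails.
    relayed = mech_check_cb(
        build_cb_data("tls-unique", CLIENT_TLS_UNIQUE),
        build_cb_data("tls-unique", RELAY_TLS_UNIQUE),
    )
    # Same raw value but the two sides framed it with different type names:
    # still a mismatch, because the mech compares bytes, not types. Agreeing
    # on the type is the application's responsibility (e.g. via discovery).
    type_mismatch = mech_check_cb(
        build_cb_data("tls-unique", CLIENT_TLS_UNIQUE),
        build_cb_data("tls-server-end-point", CLIENT_TLS_UNIQUE),
    )
    return {"same": same, "relayed": relayed, "type_mismatch": type_mismatch}
```

Note that the third case fails for the same reason as the second: the mechanism has no notion of "type", so any disagreement in framing simply shows up as different octets.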