Re: [kitten] Fw: New Version Notification for draft-mills-kitten-sasl-oauth-02

"Cantor, Scott E." <cantor.2@osu.edu> Fri, 08 April 2011 19:25 UTC

From: "Cantor, Scott E." <cantor.2@osu.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>
Thread-Topic: [kitten] Fw: New Version Notification for draft-mills-kitten-sasl-oauth-02
Thread-Index: AQHL9h27eQZ1CqEixkWSNA9dnCkCrJRUWMrw
Date: Fri, 08 Apr 2011 19:27:45 +0000
Message-ID: <7EE86E89365CA94F8E7B8251F926071007AC141F@CIO-KRC-D1MBX01.osuad.osu.edu>
References: <20110408070506.12ECB3A6A4C@core3.amsl.com> <416848.75882.qm__16525.0710481361$1302247955$gmane$org@web32314.mail.mud.yahoo.com> <87hba9b13i.fsf@latte.josefsson.org> <tsl4o684s5q.fsf@mit.edu> <754979.46407.qm@web32303.mail.mud.yahoo.com> <tslr59c3asv.fsf@mit.edu> <7EE86E89365CA94F8E7B8251F926071007AC12BC@CIO-KRC-D1MBX01.osuad.osu.edu> <tslipuo378b.fsf@mit.edu>
In-Reply-To: <tslipuo378b.fsf@mit.edu>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "kitten@ietf.org" <kitten@ietf.org>, Simon Josefsson <simon@josefsson.org>, Tim Showalter <timshow@yahoo-inc.com>
Subject: Re: [kitten] Fw: New Version Notification for draft-mills-kitten-sasl-oauth-02
Precedence: list

>     Cantor,> How is it expected that servers would distinguish clients
> 
> I'd expect that is what the SASL authentication is for.
> (Note that HTTP is more complex; you need cookies or some other
> distinguisher there).

I think my confusion stems from both thinking about HTTP and also thinking about SSL session resumption across TCP connections (which is somewhat related to the HTTP thing).

> Unless I'm missing something (wouldn't be the first time) I think 1 and
> 2 are sufficient for a non-HTTP use case.

It's sufficient for a persistent connection. I think you answered the other case by mentioning cookies. Normally that has a fairly perjorative connotation, but since the client here isn't a browser (read browser as "security sinkhole"), such a cookie isn't a cookie in the "anybody can probably steal it" sense.

-- Scott

[kitten] Fw: New Version Notification for draft-m… William J. Mills
Re: [kitten] Fw: New Version Notification for dra… Simon Josefsson
Re: [kitten] Fw: New Version Notification for dra… Simon Josefsson
Re: [kitten] Fw: New Version Notification for dra… Sam Hartman
Re: [kitten] Fw: New Version Notification for dra… William J. Mills
Re: [kitten] Fw: New Version Notification for dra… Sam Hartman
Re: [kitten] Fw: New Version Notification for dra… Cantor, Scott E.
Re: [kitten] Fw: New Version Notification for dra… William J. Mills
Re: [kitten] Fw: New Version Notification for dra… Sam Hartman
Re: [kitten] Fw: New Version Notification for dra… Nico Williams
Re: [kitten] Fw: New Version Notification for dra… Cantor, Scott E.
Re: [kitten] Fw: New Version Notification for dra… Nico Williams
Re: [kitten] Fw: New Version Notification for dra… Nico Williams
Re: [kitten] Fw: New Version Notification for dra… William J. Mills
[kitten] CB data characteristics Re: Fw: New Vers… William J. Mills
Re: [kitten] CB data characteristics Re: Fw: New … William J. Mills
Re: [kitten] CB data characteristics Re: Fw: New … Nico Williams
Re: [kitten] CB data characteristics Re: Fw: New … William J. Mills
Re: [kitten] CB data characteristics Re: Fw: New … Nico Williams
Re: [kitten] CB data characteristics Re: Fw: New … Nico Williams
Re: [kitten] CB data characteristics Re: Fw: New … William J. Mills
Re: [kitten] CB data characteristics Re: Fw: New … Nico Williams
Re: [kitten] CB data characteristics Re: Fw: New … William J. Mills
Re: [kitten] CB data characteristics Re: Fw: New … Nico Williams
[kitten] Is a workign session needed? Re: Fw: New… William J. Mills
Re: [kitten] CB data characteristics Re: Fw: New … Martin Rex
Re: [kitten] CB data characteristics Re: Fw: New … William J. Mills
Re: [kitten] Is a workign session needed? Re: Fw:… Shawn Emery