Re: [kitten] OAUTH/SASL... to HTTP or not to HTTP, that is the question...

Nico Williams <nico@cryptonector.com> Wed, 04 April 2012 01:22 UTC


On Tue, Apr 3, 2012 at 7:58 PM, William Mills <wmills@yahoo-inc.com> wrote:
> The major question remaining for my draft is HTTP(like) or not for the SASL
> message format?  Please select one of the following:
>
> A)    The current message format is fine.
> B)    HTTP-like is OK as long as we limit the insanity.
> C)    HTTP in any form is a deal breaker for me.  Give me something simple.
> D)    None of the above, and I have a possible solution of my own to
> propose.

I'm not an implementor of this protocol.  Some day I might be.  I'm OK
with (B), but I'd prefer something saner than HTTP.  JSON is almost
perfectly sane (missing only a self-describing encoding of binary
data).  I want it to be simple, and I think HTTP-like-but-lite would
be OK, but there's so much off-the-shelf code and experience with
JSON...  If there's running code that has been deployed then I think
(B) is the best option.  HTTP-like with HTTP insanity is a deal
breaker though.

So count me as in favor of (B) if there's not enough support for (C).

Nico
--