Re: [kitten] Alexey's comments Re: WGLC of draft-ietf-kitten-sasl-oauth-18

Bill Mills <wmills_92105@yahoo.com> Wed, 07 January 2015 18:14 UTC

Date: Wed, 07 Jan 2015 18:12:00 +0000
From: Bill Mills <wmills_92105@yahoo.com>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Message-ID: <788717600.945785.1420654320660.JavaMail.yahoo@jws10603.mail.bf1.yahoo.com>
In-Reply-To: <alpine.GSO.1.10.1501071251500.23489@multics.mit.edu>
References: <alpine.GSO.1.10.1501071251500.23489@multics.mit.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/Vm4a_pi7r8MUfcd9ZhnyBZGVBaY
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] Alexey's comments Re: WGLC of draft-ietf-kitten-sasl-oauth-18

Added:

"The client response consisting of only a single kvsep is used only when authentication fails, and is only valid in that context. If sent as the first message from the client the server MAY simply fail the authentication without returning discovery information since there is no user or server name indication."

On Wednesday, January 7, 2015 9:57 AM, Benjamin Kaduk <kaduk@MIT.EDU> wrote:

Bill, Alexey,

Thanks for working through these comments (I'm still catching up after the
holidays) -- I do agree with Alexey that having the examples right is very
important.

Looking through this thread, I don't see a response to one of Alexey's
comments, though:

% client_resp    = (gs2-header kvsep 0*kvpair kvsep) / kvsep
%
% Did you mean that the whole client response can be just a single separator
% character? I think this is not compatible with GS2 framing. If you only meant to
% allow that for failed authentication, I suggest you add a comment and point to
% section 3.2.3.

If I correctly remember how things work, I think that Alexey is right that
this is only allowed for failed authentication, so a comment is needed
here.

-Ben
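
Added example (not part of the thread or the draft): a server-side sketch of the rule discussed above, parsing client_resp per the quoted ABNF and accepting the lone kvsep only after a failure challenge has been sent. Assumptions: kvsep is the 0x01 octet and kvpair is key "=" value kvsep, as in RFC 7628; the gs2-header check is simplified; Session, token_ok and ERROR_CHALLENGE are hypothetical names, and the challenge payload is a constructed placeholder.

```python
KVSEP = b"\x01"  # kvsep octet per RFC 7628; the thread does not give its value
# Constructed placeholder for the server's failure/discovery challenge.
ERROR_CHALLENGE = b'{"status":"invalid_token"}'

class ProtocolError(Exception):
    pass

def parse_client_resp(data):
    """Return None for the lone-kvsep form, else (gs2_header, {key: value})."""
    if data == KVSEP:
        return None
    header, sep, rest = data.partition(KVSEP)
    fields = header.split(b",")
    # Simplified gs2-header check: cb-flag "," [authzid] ","
    if not sep or len(fields) != 3 or not fields[0] or fields[2]:
        raise ProtocolError("bad gs2-header")
    if not rest.endswith(KVSEP):
        raise ProtocolError("missing final kvsep")
    body = rest[:-1]  # zero or more kvpairs, each terminated by kvsep
    if body and not body.endswith(KVSEP):
        raise ProtocolError("unterminated kvpair")
    pairs = {}
    for item in body.split(KVSEP)[:-1]:
        key, eq, value = item.partition(b"=")
        if not eq or not key.isalpha():
            raise ProtocolError("malformed kvpair")
        pairs[key] = value
    return header, pairs

class Session:
    """Server state: a lone kvsep is valid only after a failure challenge."""
    def __init__(self, token_ok):
        self.token_ok = token_ok  # hypothetical token validator callback
        self.challenged = False

    def step(self, data):
        try:
            parsed = parse_client_resp(data)
        except ProtocolError:
            return ("rejected", b"")
        if parsed is None:
            # After our challenge this completes the failed exchange; as a
            # first message there is no user or server name, so no discovery.
            return ("failed", b"") if self.challenged else ("rejected", b"")
        if self.challenged:
            return ("rejected", b"")  # this example's policy: nothing else may follow
        if self.token_ok(parsed[1].get(b"auth", b"")):
            return ("success", b"")
        self.challenged = True
        return ("challenge", ERROR_CHALLENGE)
```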