Re: [kitten] OID DER for OPENID20/SAML20

Simon Josefsson <simon@josefsson.org> Wed, 04 April 2012 17:26 UTC

From: Simon Josefsson <simon@josefsson.org>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: kitten@ietf.org
Date: Wed, 04 Apr 2012 19:26:12 +0200
Subject: Re: [kitten] OID DER for OPENID20/SAML20
Message-ID: <878vibjtmz.fsf@latte.josefsson.org>
In-Reply-To: <4F7C7CF4.9070502__14269.8731193834$1333558527$gmane$org@isode.com> (Alexey Melnikov's message of "Wed, 04 Apr 2012 17:55:16 +0100")
References: <87k41vlfg6.fsf@latte.josefsson.org> <4F7C7CF4.9070502__14269.8731193834$1333558527$gmane$org@isode.com>
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>

Alexey Melnikov <alexey.melnikov@isode.com> writes:

> On 04/04/2012 15:49, Simon Josefsson wrote:
>> Maybe this ought to have been in the specs since most people appear to
>> compute them by hand, but it isn't.
> IMHO, this would be a fine addition to the specs.

I agree.  We still have an opportunity to add it in AUTH48; how about
this for SAML20:

OLD:
   The GSS-API mechanism OID for SAML is 1.3.6.1.5.5.17 (see Section 7.2
   for more information).
NEW:
   The GSS-API mechanism OID for SAML is 1.3.6.1.5.5.17 (see Section 7.2
   for more information).  The DER encoding of the OID is 0x2b 0x06 0x01
   0x05 0x05 0x11.

I'd feel more comfortable about this if someone could confirm the DER
encoding though.

/Simon

>> So the DER encoding of the OPENID20
>> OID that I'm using is:
>>
>> gss_OID_desc GSS_OPENID20_static = {
>>    6, (void *) "\x2b\x06\x01\x05\x05\x10"
>> };
>>
>> and for SAML20 it is:
>>
>> gss_OID_desc GSS_SAML20_static = {
>>    6, (void *) "\x2b\x06\x01\x05\x05\x11"
>> };
>>
>> If I prepend \x06 (tag for OID) and \x06 (length 06) I can DER decode
>> the OIDs using e.g. 'dumpasn1' and it looks right.
>>
>> However, it would be good if someone else confirmed this independently
>> (or at least as independently as can be hoped for since I have now
>> posted my guess).
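The confirmation Simon asks for can be done mechanically rather than by hand. The following is an added example (not code from this thread, from the SAML20/OPENID20 drafts, or from any GSS-API implementation) that implements the X.690 OBJECT IDENTIFIER content encoding, decodes the two posted byte strings back to dotted form, and round-trips them. The dotted value 1.3.6.1.5.5.16 for OPENID20 is not stated in the thread; it is what the posted bytes decode to. The function names and the `oid_check` round-trip helper are this example's own.

```c
/* Added example, not from the thread: DER encode/decode of OBJECT IDENTIFIER
 * content octets (X.690 8.19), used to confirm the byte strings posted above.
 * Build and run: cc -std=c99 -Wall oid_der.c -o oid_der && ./oid_der */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The two gss_OID_desc byte strings quoted in the thread (6 octets each). */
static const unsigned char SAML20_DER[]   = "\x2b\x06\x01\x05\x05\x11";
static const unsigned char OPENID20_DER[] = "\x2b\x06\x01\x05\x05\x10";

/* Append one subidentifier in base 128, big-endian, high bit set on every
 * octet except the last. Returns the new write position, 0 if out is full. */
static size_t put_subid(unsigned long v, unsigned char *out, size_t outlen, size_t pos)
{
    unsigned char tmp[10];
    int n = 0;
    do { tmp[n++] = (unsigned char)(v & 0x7f); v >>= 7; } while (v);
    if (pos + (size_t)n > outlen) return 0;
    while (n--) out[pos++] = (unsigned char)(tmp[n] | (n ? 0x80 : 0x00));
    return pos;
}

/* Encode arcs into DER content octets (no 0x06 tag, no length octet).
 * The first two arcs are merged as 40*arc0 + arc1. Returns octets written, 0 on error. */
size_t oid_encode(const unsigned long *arcs, size_t narcs, unsigned char *out, size_t outlen)
{
    size_t pos, i;
    if (narcs < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] >= 40)) return 0;
    pos = put_subid(arcs[0] * 40 + arcs[1], out, outlen, 0);
    for (i = 2; pos && i < narcs; i++)
        pos = put_subid(arcs[i], out, outlen, pos);
    return pos;
}

/* Decode DER content octets into dotted form. Returns 1 on success, 0 on
 * malformed input: empty, a subidentifier cut off with its high bit still set,
 * non-minimal leading 0x80 padding, or a value that overflows unsigned long. */
int oid_decode(const unsigned char *der, size_t len, char *out, size_t outlen)
{
    size_t i = 0, used = 0;
    int first = 1;
    if (len == 0 || outlen == 0) return 0;
    out[0] = '\0';
    while (i < len) {
        unsigned long v = 0;
        int n;
        if (der[i] == 0x80) return 0;
        for (;;) {
            if (i >= len || v > (ULONG_MAX >> 7)) return 0;
            v = (v << 7) | (der[i] & 0x7f);
            if (!(der[i++] & 0x80)) break;
        }
        if (first) {
            unsigned long a0 = v < 40 ? 0 : v < 80 ? 1 : 2;
            n = snprintf(out + used, outlen - used, "%lu.%lu", a0, v - 40 * a0);
            first = 0;
        } else {
            n = snprintf(out + used, outlen - used, ".%lu", v);
        }
        if (n < 0 || (size_t)n >= outlen - used) return 0;
        used += (size_t)n;
    }
    return 1;
}

/* Parse "1.3.6.1.5.5.17" into arcs. Returns the arc count, 0 on error. */
size_t oid_parse_dotted(const char *s, unsigned long *arcs, size_t max)
{
    size_t n = 0;
    while (*s) {
        char *end;
        if (n >= max) return 0;
        arcs[n++] = strtoul(s, &end, 10);
        if (end == s) return 0;
        if (*end == '.' && end[1] != '\0') end++;
        else if (*end != '\0') return 0;
        s = end;
    }
    return n;
}

/* Round trip: 1 if dotted encodes to exactly der[0..len) and der decodes back
 * to dotted, else 0. This is the independent check asked for in the thread. */
int oid_check(const char *dotted, const unsigned char *der, size_t len)
{
    unsigned long arcs[32];
    unsigned char enc[64];
    char dec[128];
    size_t n = oid_parse_dotted(dotted, arcs, 32);
    if (n == 0) return 0;
    if (oid_encode(arcs, n, enc, sizeof enc) != len || memcmp(enc, der, len) != 0) return 0;
    return oid_decode(der, len, dec, sizeof dec) && strcmp(dec, dotted) == 0;
}

int main(void)
{
    char txt[128];
    oid_decode(SAML20_DER, sizeof SAML20_DER - 1, txt, sizeof txt);
    printf("SAML20   %s  check=%d\n", txt, oid_check("1.3.6.1.5.5.17", SAML20_DER, 6));
    oid_decode(OPENID20_DER, sizeof OPENID20_DER - 1, txt, sizeof txt);
    printf("OPENID20 %s  check=%d\n", txt, oid_check("1.3.6.1.5.5.16", OPENID20_DER, 6));
    /* The TLV Simon fed to dumpasn1 is tag 0x06, length 0x06, then these six octets. */
    return 0;
}
```

The encoder merges the first two arcs (1.3 becomes 40*1+3 = 0x2b), which is why a seven-arc OID yields six content octets; the decoder rejects a 0x80 lead octet and a truncated final subidentifier, the two malformations a hand-typed byte string is most likely to contain.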