Re: [kitten] AD review of draft-ietf-kitten-sasl-oauth-21

Bill Mills <wmills_92105@yahoo.com> Wed, 29 April 2015 21:40 UTC

Message-ID: <1430343491.78016.YahooMailAndroidMobile@web142801.mail.bf1.yahoo.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Benjamin Kaduk <kaduk@MIT.EDU>
Cc: "kitten@ietf.org" <kitten@ietf.org>
In-Reply-To: <55414795.3030606@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/ZBDy_6L55qSmjSV3-2otxf_DOJs>

Everything up to the concrete example works for me.  The example is vaporware, I'd rather use a concrete one or leave it out.

Sent from Yahoo Mail on Android

From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
Date: Wed, Apr 29, 2015 at 14:05
Subject: Re: [kitten] AD review of draft-ietf-kitten-sasl-oauth-21

On 29/04/15 20:43, Benjamin Kaduk wrote:
> The server fully validates the client response before generating a server
> response; this will necessarily include the validation steps listed in the
> specification for the OAuth Access Token Type used.  However, additional
> validation steps may be needed, depending on the particular application
> protocol making use of SASL.  In particular, values included as kvpairs in
> the client response (such as host and port) which correspond to values
> known to the application by some other mechanism (such as an application
> protocol data unit or pre-configured values) MUST be validated to match
> between the initial client response and the other source(s) of such
> information.  As a concrete example, when SASL is used over TLS, the
> hostname can be available via the Server Name Indication TLS extension;
> this hostname must be validated to match the value sent in the 'host'

Yep, that'd work I think.

S.
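The paragraph Ben quoted describes a server-side consistency check: kvpairs the client sends in its initial response (host, port) have to agree with what the server already knows from elsewhere, such as the TLS SNI hostname. The following is an added example of that check, not code from the draft, from the list, or from any implementation. It assumes the draft's message layout (a GS2 header such as `n,a=user@example.com,` or `n,,`, then `key=value` pairs separated by 0x01 and terminated by a double 0x01); the "known" host and port passed in stand for values the server obtained out of band, and all sample messages are constructed.

```python
"""Validate OAuth SASL initial client responses against out-of-band values.

Added example (not the draft's or any project's code). Layout assumed:
  gs2-header  kvsep  *(key "=" value kvsep)  kvsep      where kvsep = 0x01
The known host/port stand for values learned elsewhere, e.g. the TLS SNI
hostname and the port the application actually accepted the connection on.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

KVSEP = "\x01"


@dataclass
class ClientResponse:
    authzid: Optional[str]
    kvpairs: Dict[str, str]


@dataclass
class ValidationResult:
    ok: bool
    problems: List[str] = field(default_factory=list)


def parse_client_response(msg: str) -> ClientResponse:
    """Split the initial client response into its GS2 header and kvpairs."""
    if not msg.startswith("n,"):
        raise ValueError("unsupported GS2 header: channel-binding flag must be 'n'")
    end = msg.index(",", 2)            # comma that closes the authzid field
    authz = msg[2:end]
    if authz == "":
        authzid = None
    elif authz.startswith("a="):
        authzid = authz[2:]
    else:
        raise ValueError("malformed GS2 authzid field")
    body = msg[end + 1:]
    if not (body.startswith(KVSEP) and body.endswith(KVSEP + KVSEP)):
        raise ValueError("kvpair section must start with kvsep and end with double kvsep")
    kvpairs: Dict[str, str] = {}
    for pair in body[1:-2].split(KVSEP):
        if pair == "":
            continue                    # zero-kvpair case
        if "=" not in pair:
            raise ValueError(f"kvpair without '=': {pair!r}")
        key, value = pair.split("=", 1)  # token values may themselves contain '='
        if key in kvpairs:
            raise ValueError(f"duplicate kvpair key {key!r}")
        kvpairs[key] = value
    return ClientResponse(authzid, kvpairs)


def _normalize_host(name: str) -> str:
    # DNS names compare case-insensitively; a trailing dot is the same name.
    return name.rstrip(".").lower()


def validate_against_known(resp: ClientResponse,
                           known_host: Optional[str],
                           known_port: Optional[int]) -> ValidationResult:
    """Check that host/port kvpairs match what the server learned out of band."""
    problems: List[str] = []
    if "auth" not in resp.kvpairs:
        problems.append("missing 'auth' kvpair")
    host = resp.kvpairs.get("host")
    if host is not None and known_host is not None:
        if _normalize_host(host) != _normalize_host(known_host):
            problems.append(f"host kvpair {host!r} does not match known host {known_host!r}")
    port = resp.kvpairs.get("port")
    if port is not None:
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            problems.append(f"port kvpair {port!r} is not a valid TCP port")
        elif known_port is not None and int(port) != known_port:
            problems.append(f"port kvpair {port} does not match known port {known_port}")
    return ValidationResult(ok=not problems, problems=problems)


def check(msg: str, known_host: Optional[str], known_port: Optional[int]) -> ValidationResult:
    """Parse and validate in one step; the server would run this before any token checks."""
    return validate_against_known(parse_client_response(msg), known_host, known_port)


# Constructed sample: authzid, host, port and a placeholder bearer token.
SAMPLE = ("n,a=user@example.com," + KVSEP
          + "host=server.example.com" + KVSEP
          + "port=143" + KVSEP
          + "auth=Bearer CONSTRUCTED-TOKEN-VALUE" + KVSEP + KVSEP)

if __name__ == "__main__":
    print(check(SAMPLE, "server.example.com", 143))   # ok
    print(check(SAMPLE, "other.example.com", 143))    # host mismatch
```

The host comparison is deliberately the only normalisation applied (case and trailing dot); a response whose `host` or `port` is absent produces no mismatch here, so a server that wants those kvpairs mandatory for its application protocol should add that policy on top of this check.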