Re: [kitten] Fw: New Version Notification for draft-mills-kitten-sasl-oauth-02

"William J. Mills" <wmills@yahoo-inc.com> Fri, 08 April 2011 17:30 UTC

References: <20110408070506.12ECB3A6A4C@core3.amsl.com> <416848.75882.qm__16525.0710481361$1302247955$gmane$org@web32314.mail.mud.yahoo.com> <87hba9b13i.fsf@latte.josefsson.org> <tsl4o684s5q.fsf@mit.edu>
Date: Fri, 08 Apr 2011 10:31:42 -0700
From: "William J. Mills" <wmills@yahoo-inc.com>
To: Sam Hartman <hartmans-ietf@mit.edu>, Simon Josefsson <simon@josefsson.org>
In-Reply-To: <tsl4o684s5q.fsf@mit.edu>
Cc: "kitten@ietf.org" <kitten@ietf.org>, Tim Showalter <timshow@yahoo-inc.com>

At the moment I was going with simple.  If multiple types are supported then I have to be able to communicate what types of channel binding are accepted, which I suppose could go in the WWW-Authenticate header in the discovery information.  It's relatively easy to add a variable for the CB type.

If tls-server-end-point is easier to implement I'm happy to pick that one, subject to limiting to a single CB type.


My thought was that if the service is offered over another secure channel then OAUTH-SSH could be defined for channel binding to SSH.

-bill
________________________________
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Simon Josefsson <simon@josefsson.org>
Cc: William J. Mills <wmills@yahoo-inc.com>; "kitten@ietf.org" <kitten@ietf.org>; Tim Showalter <timshow@yahoo-inc.com>
Sent: Friday, April 8, 2011 9:36 AM
Subject: Re: [kitten] Fw: New Version Notification for draft-mills-kitten-sasl-oauth-02

I'm confused.
Why does the oauth sasl mechanism want to restrict what channel binding
types are permitted?
Also, why the desire to require tls-unique instead of
tls-server-endpoint?
The tls-server-endpoint channel binding type is easier to implement.
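As an added illustration of why the thread calls tls-server-end-point the easier channel binding type to implement (this is not code from the thread or from the draft): per RFC 5929 the binding data is simply a hash of the server's DER-encoded certificate, with the hash chosen from the certificate's signature algorithm and MD5/SHA-1 upgraded to SHA-256, so an implementation needs only the peer certificate rather than the TLS Finished messages that tls-unique depends on. The certificate below is a constructed stand-in and the OID table is my own.

```python
import hashlib
# Signature-algorithm OID -> hash function it uses (well-known OIDs; extend as needed).
_SIG_ALG_HASH = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.10045.4.3.3": "sha384",    # ecdsa-with-SHA384
}

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _oid(value):
    """Decode OID contents (base-128 arcs) to dotted form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }."""
    _, cert, _ = _tlv(cert_der, 0)
    _, _, pos = _tlv(cert, 0)             # skip tbsCertificate
    _, alg, _ = _tlv(cert, pos)           # AlgorithmIdentifier SEQUENCE { OID, params }
    return _oid(_tlv(alg, 0)[1])

def cb_hash_name(sig_oid):
    """RFC 5929: MD5 and SHA-1 are replaced by SHA-256; any other single hash is kept."""
    h = _SIG_ALG_HASH.get(sig_oid)
    if h is None:
        raise ValueError("no single hash function known for " + sig_oid)
    return "sha256" if h in ("md5", "sha1") else h

def tls_server_end_point(cert_der):
    # The channel-binding data is the hash of the whole DER-encoded certificate.
    return hashlib.new(cb_hash_name(signature_algorithm_oid(cert_der)), cert_der).digest()

# Constructed stand-in (not a real X.509 cert): empty tbsCertificate, real sha1WithRSA OID, empty signature.
_der = lambda tag, content: bytes([tag, len(content)]) + content   # short-form length only
SAMPLE_CERT = _der(0x30, _der(0x30, b"") + _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010105"))) + _der(0x03, b"\x00"))
```

Because the sample is signed with sha1WithRSAEncryption, the binding hash is SHA-256 rather than SHA-1, which is the RFC 5929 upgrade rule in action.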