Re: [kitten] Feedback from IETF #83 on the OAUTH/SASL-KRB draft

Simon Josefsson <simon@josefsson.org> Wed, 04 April 2012 07:53 UTC

From: Simon Josefsson <simon@josefsson.org>
To: William Mills <wmills@yahoo-inc.com>
References: <1333498239.81695.YahooMailNeo__7415.59771490774$1333498249$gmane$org@web31804.mail.mud.yahoo.com>
Date: Wed, 04 Apr 2012 09:53:40 +0200
In-Reply-To: <1333498239.81695.YahooMailNeo__7415.59771490774$1333498249$gmane$org@web31804.mail.mud.yahoo.com> (William Mills's message of "Tue, 3 Apr 2012 17:10:39 -0700 (PDT)")
Message-ID: <87sjgkq6ez.fsf@latte.josefsson.org>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] Feedback from IETF #83 on the OAUTH/SASL-KRB draft

William Mills <wmills@yahoo-inc.com> writes:

> For the OAUTH mechanism a similar style signed request example is:
> GET / HTTP/1.1
> Host: server.example.com
> User: user@example.com
> Authorization: MAC token="h480djs93hd8",timestamp="137131200",
> nonce="dj83hs9s",signature="YTVjyNSujYs1WsDurFnvFi4JK6o="
>
>
> The OAUTH mechanism will require (as currently specified) parsing of a
> Host, User, and Authorization header.

Why can't this be parsed before it is sent over the SASL wire, and
the necessary HTTP headers reconstructed on the other side?

Is it because you want to offer compatibility with future OAuth
extensions that would send additional HTTP headers?  So by sending HTTP
headers over SASL, you will automatically support those future
extensions as well?

I can understand that reason.  Are there other reasons?

/Simon
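As an added illustration of the header parsing the thread says the OAUTH mechanism would require, here is a strict parser for the quoted signed-request blob (example code written for this archive page, not from the draft or either author). It assumes CRLF line endings, the Authorization value on a single header line, and exactly the four MAC parameters shown in the quoted example; duplicate headers or parameters are rejected rather than silently overwritten.

```python
import re

# Constructed sample, transcribed from the quoted example in the thread
# (line endings assumed to be CRLF; the folded Authorization header is
# written as one line here).
SAMPLE = (
    "GET / HTTP/1.1\r\n"
    "Host: server.example.com\r\n"
    "User: user@example.com\r\n"
    'Authorization: MAC token="h480djs93hd8",timestamp="137131200",'
    'nonce="dj83hs9s",signature="YTVjyNSujYs1WsDurFnvFi4JK6o="\r\n'
    "\r\n"
)

# One quoted parameter followed by a comma or end of string.
_PARAM = re.compile(r'\s*([A-Za-z_]+)="([^"]*)"\s*(?:,|$)')

def parse_mac_authorization(value):
    """Split 'MAC k="v",k="v",...' into a dict; reject anything else."""
    scheme, _, params = value.partition(" ")
    if scheme != "MAC":
        raise ValueError("unsupported authorization scheme: %r" % scheme)
    out = {}
    pos = 0
    while pos < len(params):
        m = _PARAM.match(params, pos)
        if not m:
            raise ValueError("malformed MAC parameter list at offset %d" % pos)
        key = m.group(1).lower()
        if key in out:  # a repeated parameter is ambiguous, so refuse it
            raise ValueError("duplicate MAC parameter: %s" % key)
        out[key] = m.group(2)
        pos = m.end()
    missing = {"token", "timestamp", "nonce", "signature"} - set(out)
    if missing:
        raise ValueError("missing MAC parameters: %s" % sorted(missing))
    return out

def parse_signed_request(blob):
    """Return (request_line, headers, mac_params) for the HTTP-style blob."""
    head, sep, _body = blob.partition("\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line terminating headers")
    lines = head.split("\r\n")
    request_line = lines[0]
    headers = {}
    for line in lines[1:]:
        name, colon, val = line.partition(":")
        # Reject empty names and whitespace around the name (no obs-fold).
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        name = name.lower()
        if name in headers:  # e.g. two Host headers: refuse, do not pick one
            raise ValueError("duplicate header: %s" % name)
        headers[name] = val.strip()
    for required in ("host", "user", "authorization"):
        if required not in headers:
            raise ValueError("missing required header: %s" % required)
    return request_line, headers, parse_mac_authorization(headers["authorization"])
```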