Re: [kitten] Feedback from IETF #83 on the OAUTH/SASL-KRB draft
Simon Josefsson <simon@josefsson.org> Wed, 04 April 2012 07:53 UTC
To: William Mills <wmills@yahoo-inc.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>

William Mills <wmills@yahoo-inc.com> writes:

> For the OAUTH mechanism a similar style signed request example is:
> GET / HTTP/1.1
> Host: server.example.com
> User: user@example.com
> Authorization: MAC token="h480djs93hd8",timestamp="137131200",
> nonce="dj83hs9s",signature="YTVjyNSujYs1WsDurFnvFi4JK6o="
>
>
> The OAUTH mechanism will require (as currently specified) parsing of a
> Host, User, and Authorization header.

Why can't this be parsed before it is sent over the SASL wire, and the
necessary HTTP headers reconstructed on the other side?

Is it because you want to offer compatibility with future OAuth
extensions that would send additional HTTP headers? So by sending HTTP
headers over SASL, you will automatically support those future
extensions as well? I can understand that reason. Are there other
reasons?

/Simon
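
The trade-off raised in the question above, as an added example that is not part of the original message or of the draft: the client parses the quoted request into fields, the server rebuilds the three known headers, and any header the mechanism does not know about is lost on the way. The function names and the `X-Future-Ext` header are hypothetical, and the sample request is constructed from the one quoted in the message.

```python
import re

# Constructed sample: the signed request quoted in the message, plus one
# hypothetical future header ("X-Future-Ext") standing in for an OAuth extension.
REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: server.example.com\r\n"
    "User: user@example.com\r\n"
    'Authorization: MAC token="h480djs93hd8",timestamp="137131200",'
    'nonce="dj83hs9s",signature="YTVjyNSujYs1WsDurFnvFi4JK6o="\r\n'
    "X-Future-Ext: 1\r\n\r\n"
)

# Headers the quoted message says the mechanism parses.
KNOWN = ("host", "user", "authorization")
PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_request(raw):
    """Client side: split the HTTP-style message into fields before SASL."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in head[1:]:  # head[0] is the request line
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    missing = [h for h in KNOWN if h not in headers]
    if missing:
        raise ValueError("missing required header(s): %s" % missing)
    scheme, _, params = headers["authorization"].partition(" ")
    if scheme != "MAC":
        raise ValueError("unsupported scheme: %r" % scheme)
    fields = {"host": headers["host"], "user": headers["user"]}
    fields.update(PARAM.findall(params))  # token, timestamp, nonce, signature
    dropped = sorted(h for h in headers if h not in KNOWN)
    return fields, dropped


def rebuild_headers(fields):
    """Server side: reconstruct only the headers the mechanism knows about."""
    mac = ",".join('%s="%s"' % (k, fields[k])
                   for k in ("token", "timestamp", "nonce", "signature"))
    return ("Host: %s\r\nUser: %s\r\nAuthorization: MAC %s\r\n"
            % (fields["host"], fields["user"], mac))
```
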