Re: [kitten] [saag] AD sponsoring draft-hansen-scram-sha256

Tony Hansen <tony@att.com> Tue, 24 February 2015 14:53 UTC

Return-Path: <tony@att.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD7061A1A51 for <kitten@ietfa.amsl.com>; Tue, 24 Feb 2015 06:53:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.189
X-Spam-Level:
X-Spam-Status: No, score=-3.189 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ELwWx4zIfhbY for <kitten@ietfa.amsl.com>; Tue, 24 Feb 2015 06:53:46 -0800 (PST)
Received: from nbfkord-smmo07.seg.att.com (nbfkord-smmo07.seg.att.com [209.65.160.93]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 760431A0203 for <kitten@ietf.org>; Tue, 24 Feb 2015 06:53:46 -0800 (PST)
Received: from unknown [144.160.229.23] (EHLO alpi154.enaf.aldc.att.com) by nbfkord-smmo07.seg.att.com(mxl_mta-7.2.4-5) over TLS secured channel with ESMTP id 9709ce45.0.4838826.00-2309.13576520.nbfkord-smmo07.seg.att.com (envelope-from <tony@att.com>); Tue, 24 Feb 2015 14:53:46 +0000 (UTC)
X-MXL-Hash: 54ec907a46954f82-f0c776970498897dd83bd16d5582b412c957d609
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id t1OEri1Q005371 for <kitten@ietf.org>; Tue, 24 Feb 2015 09:53:44 -0500
Received: from alpi133.aldc.att.com (alpi133.aldc.att.com [130.8.217.3]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id t1OEreOT005315 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <kitten@ietf.org>; Tue, 24 Feb 2015 09:53:40 -0500
Received: from alpi153.aldc.att.com (alpi153.aldc.att.com [130.8.42.31]) by alpi133.aldc.att.com (RSA Interceptor) for <kitten@ietf.org>; Tue, 24 Feb 2015 14:53:26 GMT
Received: from aldc.att.com (localhost [127.0.0.1]) by alpi153.aldc.att.com (8.14.5/8.14.5) with ESMTP id t1OErQ6p026163 for <kitten@ietf.org>; Tue, 24 Feb 2015 09:53:26 -0500
Received: from dns.maillennium.att.com (maillennium.att.com [135.25.114.99]) by alpi153.aldc.att.com (8.14.5/8.14.5) with ESMTP id t1OErKM2025812 for <kitten@ietf.org>; Tue, 24 Feb 2015 09:53:20 -0500
Received: from tonys-macbook-pro.local (unknown[135.110.241.46](untrusted sender)) by maillennium.att.com (mailgw1) with ESMTP id <20150224145319gw1000ceeie>; Tue, 24 Feb 2015 14:53:19 +0000
X-Originating-IP: [135.110.241.46]
Message-ID: <54EC905F.7060404@att.com>
Date: Tue, 24 Feb 2015 09:53:19 -0500
From: Tony Hansen <tony@att.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
CC: "kitten@ietf.org" <kitten@ietf.org>
References: <54DC00D0.2050900@cs.tcd.ie> <54EC66FF.50603@cs.tcd.ie>
In-Reply-To: <54EC66FF.50603@cs.tcd.ie>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-AnalysisOut: [v=2.0 cv=KNft+i5o c=1 sm=1 a=VXHOiMMwGAwA+y4G3/O+aw==:17 a]
X-AnalysisOut: [=9cW_t1CCXrUA:10 a=mJp9S24oyUUA:10 a=6ASjcdcU7ckA:10 a=BLc]
X-AnalysisOut: [eEmwcHowA:10 a=IkcTkHD0fZMA:10 a=zQP7CpKOAAAA:8 a=0HtSIViG]
X-AnalysisOut: [9nkA:10 a=TFv4FGCHG9rH0VdxLmwA:9 a=QEXdDO2ut3YA:10]
X-Spam: [F=0.2000000000; CM=0.500; S=0.200(2014051901)]
X-MAIL-FROM: <tony@att.com>
X-SOURCE-IP: [144.160.229.23]
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/mXS1lEEZ5BTvDLsMiaSXEn3cjRI>
Subject: Re: [kitten] [saag] AD sponsoring draft-hansen-scram-sha256
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Feb 2015 14:53:48 -0000

On 2/24/15 6:56 AM, Stephen Farrell wrote:
> (list reduced to kitten)
>
> On 12/02/15 01:24, Stephen Farrell wrote:
>> Hiya,
>>
>> I've been asked to AD sponsor draft-hansen-scram-sha256 [1] as it's
>> needed for some work in http-auth but doesn't quite fit with any
>> current WG. I plan to start an IETF LC for that shortly, but please
>> do let me know if there are any issues.
>>
>> This was previously discussed on the kitten WG list, so (with
>> the WG chairs' permission) I'd ask that you send any comments
>> there if you've any before I start the IETF LC. (Reply-to is
>> set to the kitten WG list.)
> So I've seen positive responses, and some tweaks suggested which
> are all to the good, so I'm happy to sponsor this work.
>
> But in addition, there were two substantive issues that ought be
> resolved before IETF LC:
>
> 1. a new channel binding or requiring tls-session-hash (and I guess
>     some explanatory text about why that is good/needed)
>
> 2. justify and possibly mandate an iteration count with which folks
>     are happy
>
> Tony - could you propose text for #1 and #2 or start threads to
> resolve them. Feel free to shoot out any revisions you think make
> sense whilst doing that. And once we're done with those, and have
> a draft that reflects the consensus then I'll start IETF LC.

Thanks Stephen. I'll start separate threads for these.

     Tony