Re: [kitten] Alexey's comments Re: WGLC of draft-ietf-kitten-sasl-oauth-18

Bill Mills <wmills_92105@yahoo.com> Thu, 08 January 2015 06:40 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/puGG3AKLMlQuEJRp4qa9ffypk8U

I didn't before.
http://htmlpreview.github.io/?https://github.com/sweetums/idrafts/blob/master/draft-ietf-kitten-sasl-oauth-19.html

On Wednesday, January 7, 2015 5:59 PM, Benjamin Kaduk <kaduk@MIT.EDU> wrote:

Seems reasonable here; let's see what it looks like in the next revision.
(Do you keep your working copy somewhere public?  I have forgotten.)

Thanks,

Ben

On Wed, 7 Jan 2015, Bill Mills wrote:

> Added 
> "The client response consisting of only a single kvsep is used only when authentication fails, and is only valid in that context. If sent as the first message from the client the server MAY simply fail the authentication without returning discovery information since there is no user or server name indication."
>
>
>      On Wednesday, January 7, 2015 9:57 AM, Benjamin Kaduk <kaduk@MIT.EDU> wrote:
>
>
>  Bill, Alexey,
>
> Thanks for working through these comments (I'm still catching up after the
> holidays) -- I do agree with Alexey that having the examples right is very
> important.
>
> Looking through this thread, I don't see a response to one of Alexey's
> comments, though:
>
> % client_resp    = (gs2-header kvsep 0*kvpair kvsep) / kvsep
> %
> % Did you mean that the whole client response can be just a single separator
> % character? I think this is not compatible with GS2 framing. If you only meant to
> % allow that for failed authentication, I suggest you add a comment and point to
> % section 3.2.3.
>
> If I correctly remember how things work, I think that Alexey is right that
> this is only allowed for failed authentication, so a comment is needed
> here.
>
> -Ben
>
>
>
>
>
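
The rule discussed in this thread, as an added example that is not part of the thread or of the draft: a server-side parser for client_resp that accepts the bare kvsep only in the failed-authentication context and rejects it as a first message. Assumptions: kvsep is %x01 and kvpair is key "=" value kvsep, as in the grammar later published in RFC 7628; the gs2-header check is a simplified form of RFC 5801; the names parse_client_resp and ClientRespError are hypothetical.

```python
import re

KVSEP = b"\x01"  # assumption: kvsep = %x01, as in the published RFC 7628 grammar

# Simplified gs2-header (assumption, after RFC 5801): ["F,"] cb-flag "," [authzid] ","
GS2_HEADER = re.compile(rb"(?:F,)?(?:n|y|p=[A-Za-z0-9.\-]+),(?:a=[^,\x01]+)?,")
# kvpair without its trailing kvsep: key = 1*ALPHA, value = printable ASCII / HTAB / CR / LF
KVPAIR = re.compile(rb"([A-Za-z]+)=([\x09\x0a\x0d\x20-\x7e]*)")


class ClientRespError(ValueError):
    """Raised when a client response does not fit the grammar or its context."""


def parse_client_resp(data: bytes, after_failure: bool):
    """Parse client_resp = (gs2-header kvsep 0*kvpair kvsep) / kvsep.

    after_failure is True only when the server has already reported a failed
    authentication and is waiting for the client's closing message.
    Returns None for the bare-kvsep message, else (gs2_header, {key: value}).
    """
    if data == KVSEP:
        if not after_failure:
            # No user or server name indication: fail without discovery info.
            raise ClientRespError("bare kvsep is only valid after a failed authentication")
        return None

    header, sep, rest = data.partition(KVSEP)
    if not sep or not GS2_HEADER.fullmatch(header):
        raise ClientRespError("missing or malformed gs2-header")
    if not rest.endswith(KVSEP):
        raise ClientRespError("missing terminating kvsep")

    body = rest[:-1]  # drop the final kvsep; what is left is 0*kvpair
    if body and not body.endswith(KVSEP):
        raise ClientRespError("last kvpair is not terminated by kvsep")

    pairs = {}
    for field in (body.split(KVSEP)[:-1] if body else []):
        m = KVPAIR.fullmatch(field)
        if not m:
            raise ClientRespError("malformed kvpair: %r" % field)
        pairs[m.group(1).decode("ascii")] = m.group(2).decode("ascii")
    return header, pairs


# Constructed sample message (the token value is a placeholder, not a real credential).
SAMPLE = (b"n,a=user@example.com,\x01host=server.example.com\x01port=143\x01"
          b"auth=Bearer constructed-token\x01\x01")
```
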