Re: [kitten] Alexey's comments Re: WGLC of draft-ietf-kitten-sasl-oauth-18

Benjamin Kaduk <kaduk@MIT.EDU> Wed, 07 January 2015 17:58 UTC

Date: Wed, 07 Jan 2015 12:57:53 -0500
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Bill Mills <wmills_92105@yahoo.com>
In-Reply-To: <1925662348.5489214.1420580358172.JavaMail.yahoo@jws106149.mail.bf1.yahoo.com>
Message-ID: <alpine.GSO.1.10.1501071251500.23489@multics.mit.edu>
References: <0FBE45D4-68AE-46D8-B42E-A1DAA8557F2F@isode.com> <1925662348.5489214.1420580358172.JavaMail.yahoo@jws106149.mail.bf1.yahoo.com>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/quqsR9bQNrJi1Z4QtkO0kFcrtBs
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] Alexey's comments Re: WGLC of draft-ietf-kitten-sasl-oauth-18

Bill, Alexey,

Thanks for working through these comments (I'm still catching up after the
holidays) -- I do agree with Alexey that having the examples right is very
important.

Looking through this thread, I don't see a response to one of Alexey's
comments, though:

% client_resp    = (gs2-header kvsep 0*kvpair kvsep) / kvsep
%
% Did you mean that the whole client response can be just a single separator
% character? I think this is not compatible with GS2 framing. If you only meant to
% allow that for failed authentication, I suggest you add a comment and point to
% section 3.2.3.

If I correctly remember how things work, I think that Alexey is right that
this is only allowed for failed authentication, so a comment is needed
here.

-Ben
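
The rule under discussion, as an added example that is not part of the original message or of the draft: a parser for `client_resp` that accepts the lone `kvsep` alternative only as the client's reply to a failed authentication. It assumes `kvsep` is `%x01`, a simplified GS2 header, and letters-only keys; `parse_client_resp`, `after_server_error` and the sample message are hypothetical names and constructed data.

```python
import re

KVSEP = b"\x01"  # assumption: kvsep = %x01, as in the draft's ABNF (not quoted on this page)
# Assumption: simplified GS2 header (cb-flag "," [authzid] ","); saslname escaping not checked.
GS2_HEADER = re.compile(rb"(?:n|y|p=[A-Za-z0-9.\-]+),(?:a=[^,\x00\x01]+)?,")
# Assumption: key is letters only, value is printable ASCII plus HTAB/CR/LF.
KVPAIR = re.compile(rb"([A-Za-z]+)=([\x09\x0a\x0d\x20-\x7e]*)")

def parse_client_resp(data, after_server_error=False):
    """Parse client_resp = (gs2-header kvsep 0*kvpair kvsep) / kvsep."""
    if data == KVSEP:
        # Second alternative: no GS2 header at all, so it is accepted only as
        # the client's reply to a server error, never as an initial response.
        if not after_server_error:
            raise ValueError("lone kvsep is only valid after a failed authentication")
        return {"dummy": True}
    m = GS2_HEADER.match(data)
    if not m:
        raise ValueError("missing or malformed gs2-header")
    rest = data[m.end():]
    if len(rest) < 2 or not rest.startswith(KVSEP) or not rest.endswith(KVSEP):
        raise ValueError("kvpair list must be wrapped in kvsep ... kvsep")
    body = rest[1:-1]
    if body and not body.endswith(KVSEP):
        raise ValueError("each kvpair must end with kvsep")
    kv = {}
    for pair in body.split(KVSEP)[:-1]:
        pm = KVPAIR.fullmatch(pair)
        if not pm:
            raise ValueError("malformed kvpair: %r" % pair)
        kv[pm.group(1).decode()] = pm.group(2)
    return {"dummy": False, "gs2_header": m.group(0), "kv": kv}

# Constructed sample input (not from the draft or the thread).
SAMPLE = (b"n,a=user@example.com,\x01host=server.example.com\x01"
          b"port=143\x01auth=Bearer constructedtoken==\x01\x01")

if __name__ == "__main__":
    print(parse_client_resp(SAMPLE))
    print(parse_client_resp(KVSEP, after_server_error=True))
```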