Re: [OAUTH-WG] Fwd: [Technical Errata Reported] RFC5849 (2550)
Peter Saint-Andre <stpeter@stpeter.im> Sun, 13 November 2011 02:29 UTC
Finally processed.

On 1/28/11 8:24 AM, Eran Hammer-Lahav wrote:
> Verified as correct.
>
> EHL
>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
>> Of Peter Saint-Andre
>> Sent: Thursday, November 18, 2010 6:26 PM
>> To: OAuth WG
>> Subject: [OAUTH-WG] Fwd: [Technical Errata Reported] RFC5849 (2550)
>>
>> Folks, is this erratum accurate?
>>
>>
>> -------- Original Message --------
>> Subject: [Technical Errata Reported] RFC5849 (2550)
>> Date: Tue, 12 Oct 2010 09:42:17 -0700 (PDT)
>> From: RFC Errata System<rfc-editor@rfc-editor.org>
>> To: eran@hueniverse.com, iesg@iesg.org
>> CC: alasdair@lovefilm.com, rfc-editor@rfc-editor.org
>>
>>
>> The following errata report has been submitted for RFC5849, "The OAuth 1.0
>> Protocol".
>>
>> --------------------------------------
>> You may review the report below and at:
>> http://www.rfc-editor.org/errata_search.php?rfc=5849&eid=2550
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Alasdair McIntyre<alasdair@lovefilm.com>
>>
>> Section: GLOBAL
>>
>> Original Text
>> -------------
>> Section 3.1
>> oauth_signature="bYT5CMsGcbgUdFHObYMEfcx6bsw%3D"
>>
>> Section 3.4.1.1
>> oauth_signature="bYT5CMsGcbgUdFHObYMEfcx6bsw%3D"
>>
>> Section 3.4.1.3.1
>> oauth_signature="djosJKDKJSD8743243%2Fjdk33klY%3D"
>>
>>
>>
>> Corrected Text
>> --------------
>> Section 3.1
>> oauth_signature="r6%2FTJjbCOr97%2F%2BUU0NsvSne7s5g%3D"
>>
>> Section 3.4.1.1
>> oauth_signature="r6%2FTJjbCOr97%2F%2BUU0NsvSne7s5g%3D"
>>
>> Section 3.4.1.3.1
>> oauth_signature="r6%2FTJjbCOr97%2F%2BUU0NsvSne7s5g%3D"
>>
>>
>> Notes
>> -----
>> (Apologies - this supersedes Errata ID 2549).
>>
>> The signatures in sections 3.1, 3.4.1.1, and 3.4.1.3.1 of the RFC have
>> mistakenly been calculated as if with "GET". I have supplied the correct
>> "POST" signatures in the corrected text.
>>
>> For reference, here is the perl script I used to calculate the signatures:
>>
>> #!/usr/bin/perl
>> use strict;
>> use warnings;
>> use Digest::HMAC_SHA1;
>> use URI::Escape;
>> use MIME::Base64;
>>
>> my $unsafe = '^-._~A-Za-z0-9';
>> my $client_secret = 'j49sk3j29djd';
>> my $token_secret = 'dh893hdasih9';
>> my $key = join('&', $client_secret, $token_secret);
>>
>> my $uri_base = 'http%3A%2F%2Fexample.com%2Frequest';
>> my $params = join('', qw(
>>     a2%3Dr%2520b%26a3%3D2%2520q%26a3%3Da%26b5%3D
>>     %253D%25253D%26c%2540%3D%26c2%3D%26oauth_con
>>     sumer_key%3D9djdj82h48djs9d2%26oauth_nonce%3
>>     D7d8f3e4a%26oauth_signature_method%3DHMAC-SH
>>     A1%26oauth_timestamp%3D137131201%26oauth_tok
>>     en%3Dkkk9d7dh3k39sjv7
>> ));
>>
>> foreach my $method ('GET', 'POST') {
>>     my $base_sig = join('&', $method, $uri_base, $params);
>>     my $bin_sig = Digest::HMAC_SHA1::hmac_sha1($base_sig, $key);
>>     my $b64_sig = MIME::Base64::encode_base64($bin_sig, '');
>>     my $enc_sig = URI::Escape::uri_escape($b64_sig, $unsafe);
>>     printf "%-8s %s\n", $method, $enc_sig;
>> }
>>
>> Instructions:
>> -------------
>> This errata is currently posted as "Reported". If necessary, please use "Reply
>> All" to discuss whether it should be verified or rejected. When a decision is
>> reached, the verifying party (IESG) can log in to change the status and edit
>> the report, if necessary.
>>
>> --------------------------------------
>> RFC5849 (draft-hammer-oauth-10)
>> --------------------------------------
>> Title            : The OAuth 1.0 Protocol
>> Publication Date : April 2010
>> Author(s)        : E. Hammer-Lahav, Ed.
>> Category         : INFORMATIONAL
>> Source           : IETF - NON WORKING GROUP
>> Area             : N/A
>> Stream           : IETF
>> Verifying Party  : IESG
>

--
Peter Saint-Andre
https://stpeter.im/
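
Added example (not part of the original thread or the erratum's Perl script): a Python recomputation that goes one step further than the script by building the signature base string from the decoded request parameters, then shows that a verifier recomputing with the wrong HTTP method rejects an otherwise valid signature. The parameter values are decoded from the script's $params string; the function names pct, base_string, sign and verify are this example's own.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(s):
    """Percent-encode everything outside RFC 3986 unreserved characters,
    the same set the Perl script's $unsafe class leaves untouched."""
    return quote(s, safe="~")


# Request parameters, decoded from the script's $params (order is irrelevant).
PARAMS = [
    ("b5", "=%3D"), ("a3", "a"), ("c@", ""), ("a2", "r b"),
    ("oauth_consumer_key", "9djdj82h48djs9d2"),
    ("oauth_token", "kkk9d7dh3k39sjv7"),
    ("oauth_signature_method", "HMAC-SHA1"),
    ("oauth_timestamp", "137131201"),
    ("oauth_nonce", "7d8f3e4a"),
    ("c2", ""), ("a3", "2 q"),
]
# client secret '&' token secret, as in the script (both need no encoding here).
KEY = "j49sk3j29djd&dh893hdasih9"
BASE_URI = "http://example.com/request"


def base_string(method, uri, params):
    # Encode each name and value, sort by encoded name then value, join,
    # then encode the joined string once more as the third component.
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(uri), pct(normalized)])


def sign(method, uri=BASE_URI, params=PARAMS, key=KEY):
    text = base_string(method, uri, params).encode()
    mac = hmac.new(key.encode(), text, hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def verify(received_method, presented_b64):
    """Recompute with the method actually received; constant-time compare."""
    return hmac.compare_digest(sign(received_method), presented_b64)


if __name__ == "__main__":
    for m in ("GET", "POST"):
        print(f"{m:<8} {pct(sign(m))}")
```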