[OAUTH-WG] HTTP Signing
Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 28 March 2017 19:33 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6C62129564 for <oauth@ietfa.amsl.com>; Tue, 28 Mar 2017 12:33:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.397
X-Spam-Level:
X-Spam-Status: No, score=-5.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.796, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4T0UlZKzZfD6 for <oauth@ietfa.amsl.com>; Tue, 28 Mar 2017 12:33:01 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A3F112955B for <oauth@ietf.org>; Tue, 28 Mar 2017 12:33:00 -0700 (PDT)
Received: from [192.168.91.186] ([31.133.136.32]) by mail.gmx.com (mrgmx101 [212.227.17.168]) with ESMTPSA (Nemesis) id 0M8ZtH-1bxOGY3RQp-00wGEI for <oauth@ietf.org>; Tue, 28 Mar 2017 21:32:58 +0200
To: "oauth@ietf.org" <oauth@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <7480c702-56a9-4e6b-86e1-2f24bb0b3c42@gmx.net>
Date: Tue, 28 Mar 2017 21:32:55 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="fFJ5UXSF4qXmFqdNpSE5QXcFm5Dhaab4l"
X-Provags-ID: V03:K0:M3hybXeJYutx4OK5UZKnp1+Nlh23kLI33paaGxKvMw9ipdBiGQ2 Cm3Qv+kANmWg7UfoZkXm/VhQoTtITJp6C6G0UeHBSszn/FJrflhd+WGp7XOkzIqxQJAc/xl tunuA91M3pwMkreqpCn/9nc1uCq/QDemu+/8Fmzpx1eFNzT1Mt7O2Jy2iS5Y7/mE3DSpR9r dKyEv9ujiAv5f09MHqzMQ==
X-UI-Out-Filterresults: notjunk:1;V01:K0:N8vI57SyHiY=:RGq4bABJk7zkGrxbe5TkGk JnwwtKJBlfK+NAcXvDpn3aDvPJJSPJYd9OdwJ2vCE9Dd9z7iMHcl/Jam2SETTho4E6kIizLy+ JNIe9s3QFECICZ8YHzUA/t9QHF2kvBRJuCF61QSpRSNZXbuEsTy6u/PcTwWA9nydX12TBqbzG Yy9ooH/ftTsSM1ydywuH1yVUSywTf9eUHqlwbkGumXLk15fmtaQvcQCsCSeYeYrFtgDmyV7a2 uDP72A7G0f9+XIbx8Hd43Wsv4tbJh1qmjU5i53ovXwUunx/0mTWX8s7CuPkj356ZcCHIu/Sd+ bCzDFWuGN+QdSSLZ0LotgfFeV6M4T0vty4eUSb+YTzo7pjSnYxr8u9ynJl3mAxSTGtsp7gOBx p8InJt77lgWW8UVNrDu6vAwP0ifEyeWBHDVJg5BKjHCVXnuBDap2erqPjYaHth/V5KolpV7SX 6SRpNWo86+USFwkGsDxLiQf8Kday7zGPYqYlxs2ulJWNJ6TPbma/Aff8otvliwp/TbL7M7HBz dX4mG0rNiSxMeapDrdW8bxKsOvLtB4iDGj5vl64C6mTVPAI7Nb75csf9zJjSsfiOg05qMaEuu fAffDZlKwWo0ycIgA/RxjaXHTV4Uib943yDPSMo+QhYsvhXFpMvzvJdiv4f9HbDUz//RqP9af KeIx+KmCO6oD0I2WwN6sFlXGml1PvUUeXStWzI2gwcnYZyXjT1CN1y2IOAJL3prg+5eg4T1Ky X8qN2SZZx8VJxXlriICLxavUh1s7gODIxa+gO6f3DniPM1wHhx2jfDiMOJs=
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/1lkPidBJ0aj1aRY7l1jp-s_fvKo>
Subject: [OAUTH-WG] HTTP Signing
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Mar 2017 19:33:03 -0000
Hi all, I met Manu after the OAuth meeting on Monday and he pointed me to his work on HTTP signing, as described in this document: https://tools.ietf.org/html/draft-cavage-http-signatures-06 I believe there is some synergy of work going on elsewhere in the IETF. Since we have had challenges with some HTTP signing I wonder whether there is something to learn from the authors of that doc. Ciao Hannes
- [OAUTH-WG] HTTP Signing Hannes Tschofenig
- Re: [OAUTH-WG] HTTP Signing Justin Richer