Re: [OAUTH-WG] Shepherd Writeup for draft-ietf-oauth-spop-06.txt

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 18 February 2015 15:34 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C923A1A8994 for <oauth@ietfa.amsl.com>; Wed, 18 Feb 2015 07:34:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4RoKQyfKOQhZ for <oauth@ietfa.amsl.com>; Wed, 18 Feb 2015 07:34:16 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B610C1A8852 for <oauth@ietf.org>; Wed, 18 Feb 2015 07:34:15 -0800 (PST)
Received: from [192.168.131.129] ([80.92.119.127]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0Lr32V-1Xtysg0KcF-00ecw3; Wed, 18 Feb 2015 16:34:13 +0100
Message-ID: <54E4B0AD.10801@gmx.net>
Date: Wed, 18 Feb 2015 16:33:01 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: torsten@lodderstedt.net
References: <54C7BBA4.4030702@gmx.net> <CA+k3eCQCPiAR0s1cX5mC=h2O-5ptVTVq6=cVKHFKu_Adq8bJTg@mail.gmail.com> <2E3D2EE7-8F5F-452D-880A-D62A513AC853@lodderstedt.net> <54E370F9.8060209@gmx.net> <17faabb6e724fb54f3cb8060a3d9cb08@lodderstedt.net>
In-Reply-To: <17faabb6e724fb54f3cb8060a3d9cb08@lodderstedt.net>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="5oeP2wWKeeji6dTUPhE5eWuLR7mFFAgUf"
X-Provags-ID: V03:K0:/zPDyPsxdTFKwdkxXuNZ6m+e3JtOa16l+/i7vcoRl+AcAUO3UMR I8QhEbTK3JLdbSfYGvNSpaQYMkigpfOivjigwwbffedzt+OscvFIAfKEoUfjVJfk5P74MjT Z3LL/jeB94rUTMPanvffv28Nd8yjdz9B/mvqIqNDIRHpp/p1Gr/4rKB06MsMU4z0fATd9Vs 8fGVPDQK4pplB1DsDUHqw==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/38MqT4bPZ_61aSovbh9fDk8RhUU>
Cc: oauth@ietf.org, "naa@google.com >> Naveen Agarwal" <naa@google.com>
Subject: Re: [OAUTH-WG] Shepherd Writeup for draft-ietf-oauth-spop-06.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Feb 2015 15:34:17 -0000

Thanks for the info, Torsten.

Your feedback raises an interesting question, namely what functionality
the parties have to implement to claim conformance to the specification.

Quickly scanning through the specification didn't tell me whether it is
OK to just implement the plain mode or whether both modes are
mandatory-to-implement. We have to say something about this.

Ciao
Hannes


On 02/18/2015 02:16 PM, torsten@lodderstedt.net wrote:
> Hi Hannes,
> 
> our implementation supports the "plain" mode only. We just verified
> compliance of our implementation with the current spec. As the only
> deviation, we do not enforce the minimum length of 43 characters of the
> code verifier.
> 
> kind regards,
> Torsten.
> 
> Am 17.02.2015 17:48, schrieb Hannes Tschofenig:
>> Hi Torsten,
>>
>> does this mean that your implementation is not compliant with the
>> current version anymore or that you haven't had time to verify whether
>> there are differences to the earlier version?
>>
>> Ciao
>> Hannes
>>
>>
>> On 01/31/2015 05:34 PM, Torsten Lodderstedt wrote:
>>> Deutsche Telekom also implemented an early version of the draft last
>>> year.
>>>
>>>
>>>
>>> Am 30.01.2015 um 18:50 schrieb Brian Campbell
>>> <bcampbell@pingidentity.com <mailto:bcampbell@pingidentity.com>>:
>>>
>>>>
>>>> On Tue, Jan 27, 2015 at 9:24 AM, Hannes Tschofenig
>>>> <hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>> wrote:
>>>>
>>>>
>>>>     1) What implementations of the spec are you aware of?
>>>>
>>>>
>>>> We have an AS side implementation of an earlier draft that was
>>>> released in June of last year:
>>>> http://documentation.pingidentity.com/pages/viewpage.action?pageId=26706844
>>>>
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org <mailto:OAuth@ietf.org>
>>>> https://www.ietf.org/mailman/listinfo/oauth