Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-mtls

Brian Campbell <bcampbell@pingidentity.com> Wed, 07 November 2018 08:46 UTC

To: Evan Gilman <evan2645@gmail.com>
Cc: Neil Madden <neil.madden@forgerock.com>, oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/3_pfwHllIs06Y815CSWVKCZTB0M>

inline below

On Tue, Nov 6, 2018 at 12:53 PM Evan Gilman <evan2645@gmail.com> wrote:

> There are some extra things we could do if we attached type-specific
> semantics to the matching (e.g. DNS wildcarding etc), however I think
> that continuing to use the values as opaque identifiers would get us
> most of what we need while keeping things simple.
>

Agreed.


> I am far from an authority here, but it is my understanding that one
> of the primary drivers in supporting SAN over Subject is that the
> values are strongly typed. While some of the advantages gained from
> this may be less useful in our own context, I feel that it make sense
> to keep the values separate and not overload a single value.
I'm likewise no authority but have a similar understanding. Because the
advantages of a typed name are less clear in this context, I've been
wanting to simplify with an overloaded parameter. But that's probably
ultimately a bad idea. So yeah, I'm agreeing that separating the types is
the way to go.

> Whether
> that means dedicated metadata parameters or a structured parameter
> value, I am not sure what the tradeoffs would be, but both options
> sound suitable to me.
>

Seems like it's largely an esthetic thing but perhaps the benefits or
drawbacks of one over the other will become more apparent as we dig into it
more.

> Great. I will work on some sample text since it sounds like that would
> be generally helpful
>

I think it would, yes. Thank you!
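The "dedicated metadata parameters, opaque exact match" option discussed above, as an added illustration that is not part of this thread or of the draft text. It assumes the TLS stack has already validated the client certificate and parsed it into a subject DN string plus a list of typed SAN entries; the parameter names are the per-type ones the draft later adopted in RFC 8705, and the DN comparison is simplified to a plain string equality.

```python
"""Authorization-server side check of a client certificate against
PKI-method mTLS client metadata, using one dedicated parameter per
name type and opaque (exact, type-bound) matching. Added example."""
from typing import Mapping, Sequence, Tuple

# One registered parameter per SAN type, plus the subject DN parameter.
# Names follow RFC 8705 (assumption relative to the 2018 draft discussed).
SAN_PARAMS = {
    "tls_client_auth_san_dns": "DNS",
    "tls_client_auth_san_uri": "URI",
    "tls_client_auth_san_ip": "IP",
    "tls_client_auth_san_email": "EMAIL",
}
DN_PARAM = "tls_client_auth_subject_dn"


def client_cert_matches(metadata: Mapping[str, str],
                        subject_dn: str,
                        sans: Sequence[Tuple[str, str]]) -> bool:
    """Return True only if exactly one tls_client_auth_* parameter is
    registered for the client and the certificate carries that value
    as an entry of the same type."""
    registered = [k for k in metadata if k == DN_PARAM or k in SAN_PARAMS]
    if len(registered) != 1:
        return False  # missing or ambiguous registration: reject
    key = registered[0]
    expected = metadata[key]
    if key == DN_PARAM:
        # Simplification: exact string comparison of the DN representation.
        return subject_dn == expected
    san_type = SAN_PARAMS[key]
    # Opaque-identifier semantics: the SAN type must match the parameter's
    # type and the value must be exactly equal. A wildcard in the cert
    # ("*.example.com") is just another string and never matches
    # "api.example.com"; a URI SAN never satisfies a DNS registration.
    return any(t == san_type and v == expected for t, v in sans)


# Constructed sample data (not from any real deployment).
SAMPLE_METADATA = {"tls_client_auth_san_dns": "api.example.com"}
SAMPLE_CERT_SANS = [("DNS", "api.example.com"),
                    ("URI", "https://client.example.com/id")]

if __name__ == "__main__":
    print(client_cert_matches(SAMPLE_METADATA, "CN=api", SAMPLE_CERT_SANS))
```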
