Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-mtls
Brian Campbell <bcampbell@pingidentity.com> Wed, 07 November 2018 08:46 UTC
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 07 Nov 2018 00:46:07 -0800
Message-ID: <CA+k3eCSP4fTgwrdZKBEgQP9kQTb8Op-Y1Sapzo1QB-yXT5939Q@mail.gmail.com>
To: Evan Gilman <evan2645@gmail.com>
Cc: Neil Madden <neil.madden@forgerock.com>, oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/3_pfwHllIs06Y815CSWVKCZTB0M>
inline below

On Tue, Nov 6, 2018 at 12:53 PM Evan Gilman <evan2645@gmail.com> wrote:

> There are some extra things we could do if we attached type-specific
> semantics to the matching (e.g. DNS wildcarding etc), however I think
> that continuing to use the values as opaque identifiers would get us
> most of what we need while keeping things simple.
>

Agreed.

> I am far from an authority here, but it is my understanding that one
> of the primary drivers in supporting SAN over Subject is that the
> values are strongly typed. While some of the advantages gained from
> this may be less useful in our own context, I feel that it makes sense
> to keep the values separate and not overload a single value.
>

I'm likewise no authority but have a similar understanding. Because the advantages of a typed name are less clear in this context is why I've been wanting to simplify with an overloaded parameter. But that's probably ultimately a bad idea. So yeah, I'm agreeing that separating the types is the way to go.

> Whether that means dedicated metadata parameters or a structured parameter
> value, I am not sure what the tradeoffs would be, but both options
> sound suitable to me.
>

Seems like it's largely an esthetic thing but perhaps the benefits or drawbacks of one over the other will become more apparent as we dig into it more.

> Great. I will work on some sample text since it sounds like that would
> be generally helpful
>

I think it would, yes. Thank you!
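The design point under discussion, as an added illustration (this is not code from the thread, the draft, or Ping Identity): typed name parameters that are compared as opaque strings, beside the overloaded single-value matcher the reply calls "probably ultimately a bad idea". The metadata parameter names, the pre-parsed certificate shape and the sample clients and certificates below are all assumptions constructed for the example; the page itself defines none of them.

```python
"""
Added example, not part of the draft or the mailing-list thread.

Assumptions (hypothetical, not defined on the page):
  - a client registers exactly one typed name parameter, here called
    tls_client_auth_subject_dn / tls_client_auth_san_dns /
    tls_client_auth_san_uri / tls_client_auth_san_ip / tls_client_auth_san_email;
  - the TLS stack has already parsed the presented certificate into a
    subject DN string and a list of (SAN type, value) pairs.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Registered metadata parameter -> SAN general-name type it is compared to.
# The subject DN is not a SAN, so it maps to None.
TYPED_PARAMS: Dict[str, Optional[str]] = {
    "tls_client_auth_subject_dn": None,
    "tls_client_auth_san_dns": "dNSName",
    "tls_client_auth_san_uri": "uniformResourceIdentifier",
    "tls_client_auth_san_ip": "iPAddress",
    "tls_client_auth_san_email": "rfc822Name",
}


@dataclass
class ParsedCert:
    subject_dn: str
    sans: List[Tuple[str, str]] = field(default_factory=list)


class RegistrationError(ValueError):
    """Raised when the client metadata does not name exactly one typed identifier."""


def registered_name(client: Dict[str, str]) -> Tuple[str, str]:
    """Return (param, value) for the single typed name the client registered.

    Zero or several typed parameters are rejected at registration time so the
    AS never has to guess which name type it is supposed to match at runtime.
    """
    present = [p for p in TYPED_PARAMS if p in client]
    if len(present) != 1:
        raise RegistrationError(
            f"expected exactly one of {sorted(TYPED_PARAMS)}, got {present}")
    param = present[0]
    value = client[param]
    if not isinstance(value, str) or not value:
        raise RegistrationError(f"{param} must be a non-empty string")
    return param, value


def cert_matches_client(cert: ParsedCert, client: Dict[str, str]) -> bool:
    """Typed, opaque comparison: exact string equality, no DNS wildcard
    semantics, no URI normalisation, and a value registered under one
    type is never compared against a certificate name of another type."""
    param, expected = registered_name(client)
    san_type = TYPED_PARAMS[param]
    if san_type is None:
        return cert.subject_dn == expected
    return any(t == san_type and v == expected for t, v in cert.sans)


def cert_matches_overloaded(cert: ParsedCert, name: str) -> bool:
    """Anti-pattern kept for contrast: one untyped value compared against
    every name in the certificate. Issuance rules differ per name type, so a
    string that was never validated as a DNS name (a free-form CN, say) is
    accepted as though it had been. The CN extraction is a crude split and
    is only adequate for the constructed sample DNs below."""
    cn_values = [rdn[3:] for rdn in cert.subject_dn.split(",") if rdn.startswith("CN=")]
    return name in cn_values or any(v == name for _, v in cert.sans)


# Constructed sample data (not real registrations or certificates).
CLIENT_DNS = {"client_id": "svc-a", "tls_client_auth_san_dns": "client.example.com"}
CLIENT_DN = {"client_id": "svc-b",
             "tls_client_auth_subject_dn": "CN=client.example.com,O=Example"}
CLIENT_AMBIGUOUS = {"client_id": "svc-c",
                    "tls_client_auth_san_dns": "client.example.com",
                    "tls_client_auth_subject_dn": "CN=client.example.com,O=Example"}

CERT_OK = ParsedCert("CN=client.example.com,O=Example",
                     [("dNSName", "client.example.com")])
# Wildcard must NOT match under opaque comparison.
CERT_WILDCARD = ParsedCert("CN=wild,O=Example", [("dNSName", "*.example.com")])
# The registered string appears only in an unvalidated CN, not as a dNSName.
CERT_CN_ONLY = ParsedCert("CN=client.example.com,O=Mallory",
                          [("dNSName", "mallory.example.net")])

if __name__ == "__main__":
    print("typed ok       :", cert_matches_client(CERT_OK, CLIENT_DNS))
    print("typed wildcard :", cert_matches_client(CERT_WILDCARD, CLIENT_DNS))
    print("typed CN-only  :", cert_matches_client(CERT_CN_ONLY, CLIENT_DNS))
    print("overloaded CN  :", cert_matches_overloaded(CERT_CN_ONLY, "client.example.com"))
```

One caveat for the subject DN branch: exact string equality only works if the registered value and the TLS stack serialise DNs the same way (attribute order, escaping, and RFC 4514 versus other string forms differ between libraries), so a deployment that matches on DN needs a canonical form on both sides rather than whatever string the parser happens to emit.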