IETF Logo Mail Archive

Re: [OAUTH-WG] MAC: body-hash

Eran Hammer-Lahav <eran@hueniverse.com> Sat, 19 November 2011 16:39 UTC

Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A349421F84DA for <oauth@ietfa.amsl.com>; Sat, 19 Nov 2011 08:39:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.537
X-Spam-Level:
X-Spam-Status: No, score=-2.537 tagged_above=-999 required=5 tests=[AWL=0.061, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ffq-hKQ4ofxi for <oauth@ietfa.amsl.com>; Sat, 19 Nov 2011 08:39:39 -0800 (PST)
Received: from p3plex1out01.prod.phx3.secureserver.net (p3plex1out01.prod.phx3.secureserver.net [72.167.180.17]) by ietfa.amsl.com (Postfix) with SMTP id 8877E21F84B4 for <oauth@ietf.org>; Sat, 19 Nov 2011 08:39:39 -0800 (PST)
Received: (qmail 25742 invoked from network); 19 Nov 2011 16:39:25 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.20) by p3plex1out01.prod.phx3.secureserver.net with SMTP; 19 Nov 2011 16:39:24 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.19]) by P3PW5EX1HT002.EX1.SECURESERVER.NET ([72.167.180.20]) with mapi; Sat, 19 Nov 2011 09:39:24 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: William Mills <wmills@yahoo-inc.com>, OAuth WG <oauth@ietf.org>
Date: Sat, 19 Nov 2011 09:39:11 -0700
Thread-Topic: [OAUTH-WG] MAC: body-hash
Thread-Index: Acym0maqyl7xT4QOS92aWxKB6KB0FAAB1VaA
Message-ID: <90C41DD21FB7C64BB94121FBBC2E7234526735EDF5@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <90C41DD21FB7C64BB94121FBBC2E7234526735EDF1@P3PW5EX1MB01.EX1.SECURESERVER.NET> <1321717586.50797.YahooMailNeo@web31804.mail.mud.yahoo.com>
In-Reply-To: <1321717586.50797.YahooMailNeo@web31804.mail.mud.yahoo.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_90C41DD21FB7C64BB94121FBBC2E7234526735EDF5P3PW5EX1MB01E_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] MAC: body-hash
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Nov 2011 16:39:40 -0000

The charset is restricted so no issues.

From: William Mills [mailto:wmills@yahoo-inc.com]
Sent: Saturday, November 19, 2011 7:46 AM
To: Eran Hammer-Lahav; OAuth WG
Subject: Re: [OAUTH-WG] MAC: body-hash

I haven't read the MAC spec recently enough, did you already deal with the character set issue (if there was one) comparable to the ones in the Bearer spec?

I am +1 on the -body_hash +ext change.

________________________________
From: Eran Hammer-Lahav <eran@hueniverse.com<mailto:eran@hueniverse.com>>
To: OAuth WG <oauth@ietf.org<mailto:oauth@ietf.org>>
Sent: Saturday, November 19, 2011 7:39 AM
Subject: [OAUTH-WG] MAC: body-hash
I want to reaffirm our previous consensus to drop the body-hash parameter and leave the ext parameter. Body-hash as currently specified is going to cause significant interop issues due to character (and other) encoding issues. Providers who desire to MAC the body can define their own ext use case.

Let me know if you have an objection to this change.

EHL

_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email