Re: [OAUTH-WG] MAC Tokens body hash
"William J. Mills" <wmills@yahoo-inc.com> Mon, 01 August 2011 15:41 UTC
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49C3211E8108 for <oauth@ietfa.amsl.com>; Mon, 1 Aug 2011 08:41:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.926
X-Spam-Level:
X-Spam-Status: No, score=-15.926 tagged_above=-999 required=5 tests=[AWL=-0.928, BAYES_50=0.001, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EiMEcR+1VqZg for <oauth@ietfa.amsl.com>; Mon, 1 Aug 2011 08:41:09 -0700 (PDT)
Received: from nm15-vm2.bullet.mail.ne1.yahoo.com (nm15-vm2.bullet.mail.ne1.yahoo.com [98.138.91.91]) by ietfa.amsl.com (Postfix) with SMTP id F21D911E8106 for <oauth@ietf.org>; Mon, 1 Aug 2011 08:41:08 -0700 (PDT)
Received: from [98.138.90.49] by nm15.bullet.mail.ne1.yahoo.com with NNFMP; 01 Aug 2011 15:41:12 -0000
Received: from [98.138.89.197] by tm2.bullet.mail.ne1.yahoo.com with NNFMP; 01 Aug 2011 15:41:12 -0000
Received: from [127.0.0.1] by omp1055.mail.ne1.yahoo.com with NNFMP; 01 Aug 2011 15:41:12 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 363247.21943.bm@omp1055.mail.ne1.yahoo.com
Received: (qmail 24843 invoked by uid 60001); 1 Aug 2011 15:41:11 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1312213271; bh=b6gL9uBn2kQWCr44VAGtn0Gml+h5mQ13iC/CQbXR7Rs=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Z4dxX/Ornw3BDBI+3RqUN3zi4X+pOVBVzbVCD4UEXqbCkPE9lTQZhbywI+1NAHq/tC4pMGDo1dQAjVVSsKLmkVnT5vQRZPwcQf1hPQecsWAfSzlMxKgbewCkBR5meQ3ERcP9jQ939Qn321w+CmIQBWbhzgJQMROdkbsBWheoJz0=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=c0RcwzUbF+CckT/FtYVFDQcWQkqK5xTXCCK8XVYITtaco3ptjuN9bZpoThgNe1IKeJ4zyZ6ipysVoRLbYQ+woT0D7Ps5c2q7HruX8J3AclLt7h/ikzwMG/U6vIX1ZXlVwEpK4cMFSWi1RRLpSGz6RNi/7yavKYDr8rAKGTxIddI=;
X-YMail-OSG: XXBz_G4VM1k_VOeQvBkfS9QA_vCclpXsVBbOJgboR2DegSQ _JZ4n_g2aDX__UGyKkAdgsDx3w4tc4Qw5M7RqEqhY59ThV1wFln363ZtW4r8 vEZC2yU7l9r2hsJRjId7oYf3W7Gqgl3grylID2nmY6P3xsesUQc_g9LrJF7g yJ7HxiXHouPQokrKALQ9DtwmckHkQ14UJahsKulaNROpd4zLvTSrK6TZsNgK dS4HOqKHkCjrPclLnAPkNicp5ZzZtoFjlrUsSOODwhqdmZtW38murefWZd7z 3qngm0iNjZ9oqZBojCEyOyp.1PC0mguaRBOrqOKsnkzCTjq1GTwe95FvwBDB y8oNpsih_oEwm
Received: from [99.31.212.42] by web31813.mail.mud.yahoo.com via HTTP; Mon, 01 Aug 2011 08:41:11 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.113.315625
References: <90C41DD21FB7C64BB94121FBBC2E723450245F611B@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Message-ID: <1312213271.20715.YahooMailNeo@web31813.mail.mud.yahoo.com>
Date: Mon, 01 Aug 2011 08:41:11 -0700
From: "William J. Mills" <wmills@yahoo-inc.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>, OAuth WG <oauth@ietf.org>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723450245F611B@P3PW5EX1MB01.EX1.SECURESERVER.NET>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-170212033-1312213271=:20715"
Cc: Ben Adida <ben@adida.net>, "'Adam Barth (adam@adambarth.com)'" <adam@adambarth.com>
Subject: Re: [OAUTH-WG] MAC Tokens body hash
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: "William J. Mills" <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Aug 2011 15:41:10 -0000
Instead of "body" hash why not make it a payload hash or additional hash. The app can include a hash of data there as defined by the app, and you've reserved a spot for that. ________________________________ From: Eran Hammer-Lahav <eran@hueniverse.com> To: OAuth WG <oauth@ietf.org> Cc: Ben Adida <ben@adida.net>; "'Adam Barth (adam@adambarth.com)'" <adam@adambarth.com> Sent: Friday, July 29, 2011 6:43 PM Subject: [OAUTH-WG] MAC Tokens body hash I plan to drop support for the bodyhash parameter in the next draft based on bad implementation experience. Even with simple text body, UTF encoding has introduced significant issues for us. The current draft does not work using simple JS code between a browser and node.js even when both use the same v8 engine due to differences in the body encoding. Basically, the JS string used to send a request from the browser is not the actual string sent on the wire. To fix that, we need to force UTF-8 encoding on both sides. However, that is very much application specific. This will not work for non-text bodies. Instead, the specification should offer a simple way to use the ext parameter for such needs, including singing headers. And by offer I mean give examples, but leave it application specific for now. I am open to suggestions but so far all the solutions I came up with will introduce unacceptable complexity that will basically make this work useless. EHL _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash William J. Mills
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash William J. Mills
- Re: [OAUTH-WG] MAC Tokens body hash Phil Hunt
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Phil Hunt
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Skylar Woodward
- Re: [OAUTH-WG] MAC Tokens body hash Barry Leiba
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Phillip Hunt
- Re: [OAUTH-WG] MAC Tokens body hash William J. Mills
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Phil Hunt
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash William J. Mills
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash William J. Mills
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Phillip Hunt