Re: [OAUTH-WG] oauth-pop-key-distribution

Torsten Lodderstedt <torsten@lodderstedt.net> Wed, 14 January 2015 07:34 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/6a2jP7G_wTKPfHQQB68ctc_2AtY>

Hi John,

> On 14.01.2015 at 00:26, John Bradley <ve7jtb@ve7jtb.com> wrote:
> 
> We don't currently have any examples in the spec of getting a key based on a RT but it is required if you are using symmetric keys with multiple RS.

I think one could treat RTs like any other tokens in pop and issue a corresponding key. As a consequence, refresh requests to the AS would be signed. Sounds straightforward to me (at least on a conceptual level).

kind regards,
Torsten.
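
The idea discussed in this message, as an added sketch that is not part of the original post or of the PoP drafts: the AS issues a symmetric key alongside the refresh token, the client signs each refresh request with it, and the AS hands out a fresh key per RS with each access token. The request fields, the `audience` parameter, HMAC-SHA256 over canonical JSON and the timestamp window are all assumptions made for illustration.

```python
import hashlib, hmac, json, secrets, time

def _mac(key, fields):
    # Assumed canonical form: sorted, compact JSON of every field except "mac".
    body = {k: v for k, v in fields.items() if k != "mac"}
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_refresh_request(refresh_token, rt_key, audience, ts=None):
    """Client side: build a refresh request and sign it with the RT's key."""
    req = {"grant_type": "refresh_token", "refresh_token": refresh_token,
           "audience": audience,  # hypothetical parameter naming the target RS
           "ts": int(time.time() if ts is None else ts)}
    req["mac"] = _mac(rt_key, req)
    return req

class AuthorizationServer:
    def __init__(self, max_skew=60):
        self._rt_keys = {}        # refresh token -> symmetric PoP key
        self.max_skew = max_skew  # accepted clock skew in seconds

    def issue_refresh_token(self):
        rt, key = secrets.token_urlsafe(16), secrets.token_bytes(32)
        self._rt_keys[rt] = key
        return rt, key

    def refresh(self, req, now=None):
        """Return a new access token plus per-RS key, or None if proof fails."""
        now = time.time() if now is None else now
        key = self._rt_keys.get(req.get("refresh_token"))
        if key is None or not isinstance(req.get("ts"), int):
            return None
        if abs(now - req["ts"]) > self.max_skew:
            return None  # stale request; a nonce cache would also stop replays
        sent = str(req.get("mac", "")).encode()
        if not hmac.compare_digest(_mac(key, req).encode(), sent):
            return None  # holder of the RT did not prove possession of its key
        # A distinct symmetric key per RS keeps one RS from impersonating
        # the client toward another RS.
        return {"access_token": secrets.token_urlsafe(16),
                "audience": req.get("audience"),
                "key": secrets.token_bytes(32).hex()}
```

A refresh token presented without its key, or a signed request whose `audience` was altered in transit, is rejected by `refresh`.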