Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)
Robert Sayre <sayrer@gmail.com> Tue, 11 May 2010 03:49 UTC
On Mon, May 10, 2010 at 10:43 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
>
> What?
>
> Basic auth seems to be working just fine for the entire web...

I hadn't heard of implementations hitting a limitation on header size, but Basic and Digest are both broken.

Basic leaves the input character encoding unspecified, so it doesn't handle anything but ASCII in an interoperable way. OAuth implementations will certainly screw this up too, but I suspect it will be somewhat less buggy, since most people will probably just guess it's supposed to be UTF-8.

The way Digest hashes credentials is incompatible with pretty much every authentication database, so it never gets used, and it isn't very secure anyway.

What /would/ be nice is an HTTP authentication scheme that used some sort of PAKE... but don't gate the OAuth spec on that.

--
Robert Sayre

"I would have written a shorter letter, but I did not have the time."
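Added example, not part of the original message: a Python sketch of the two interoperability problems the message describes, the unspecified charset in Basic and the MD5(username:realm:password) value that Digest (RFC 2617) requires the server to hold. The credentials, realm, nonce, salt and the use of PBKDF2 as the stand-in password store are constructed assumptions.

```python
import base64
import hashlib

def basic_header(user, password, charset):
    """Client side: build an Authorization value, encoding user:pass in `charset`."""
    raw = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")

def parse_basic(header, charset):
    """Server side: decode credentials assuming `charset`.
    Returns (user, password), or None if the header does not decode cleanly."""
    scheme, _, b64 = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(b64, validate=True).decode(charset)
    except ValueError:  # covers bad base64 and UnicodeDecodeError
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def md5hex(s):
    return hashlib.md5(s.encode("utf-8")).hexdigest()

def digest_ha1(user, realm, password):
    """RFC 2617 A1 hash: the value a Digest server must hold (or the plaintext)."""
    return md5hex(f"{user}:{realm}:{password}")

def digest_response(ha1, nonce, method, uri):
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")

def salted_record(password, salt):
    """What a typical credential database stores instead (PBKDF2 as a stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000).hex()

if __name__ == "__main__":
    # Constructed sample credentials containing non-ASCII characters.
    user, pw = "jos\u00e9", "na\u00efve"
    latin1 = basic_header(user, pw, "iso-8859-1")
    utf8 = basic_header(user, pw, "utf-8")
    print(latin1 != utf8)                   # same credentials, different bytes on the wire
    print(parse_basic(latin1, "utf-8"))     # server guessing UTF-8 cannot decode the Latin-1 client
    print(parse_basic(utf8, "iso-8859-1"))  # server guessing Latin-1 gets mojibake, not an error
    # Digest: a response can be checked only from HA1 (or the plaintext password);
    # a salted, stretched record cannot be fed into the MD5 chain.
    ha1 = digest_ha1(user, "example-realm", pw)
    print(salted_record(pw, b"constructed-salt") == ha1)
```

The silent mojibake case is the harder one to notice in practice: the server decodes without error and then simply fails the password comparison.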