Re: [OAUTH-WG] Fwd: [kitten] [IANA #731918] SASL mechanism not listed

Bill Mills <> Mon, 24 March 2014 20:06 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C3A361A02EE for <>; Mon, 24 Mar 2014 13:06:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.508
X-Spam-Status: No, score=-1.508 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id hlYbiyDxkQ9f for <>; Mon, 24 Mar 2014 13:06:54 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 598151A02EB for <>; Mon, 24 Mar 2014 13:06:54 -0700 (PDT)
Received: from [] by with NNFMP; 24 Mar 2014 20:06:53 -0000
Received: from [] by with NNFMP; 24 Mar 2014 20:06:53 -0000
Received: from [] by with NNFMP; 24 Mar 2014 20:06:53 -0000
X-Yahoo-Newman-Property: ymail-3
Received: (qmail 12795 invoked by uid 60001); 24 Mar 2014 20:06:53 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=s1024; t=1395691613; bh=jXaF9w7ON79g3GEpLfW+kBt6jteUmI5bTL0+CdlyavU=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=PRgKNzoX7O+ak6EiXTVYJ3XNxSgIsSw1RC/OSmaq6j2V5SiRlrBTRS8JVCNa7KY+LWrPONEwdWSDvbHL9yZ3aAxf5kSwM7RBPdNpHY4qyevD+YXewM841Nbsg53y35gn/ZoiTU5u7Mpg0c9a4qj4I9rHNEKigXjm6ERd7oUxSOU=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024;; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=sV2vnKKr9gCcLRZnNYFxuZdtP9powyC/kaP4b+gFZxIjzLmZq4jM1R4gGB9IuDDIuoaBvlpzialgVQYww+hTJ6CF0jI623XB1tn6LMFIiOTGG037taQAU8q87N1VePEGeRPbiu5N+/5B6MroihTW0LbCfX/MNslj6csB+/J5c40=;
X-YMail-OSG: NXKbMRQVM1kJEUv1xVM1fhlVgv93HHmIaNE7e1OOxaoaYcB ywtr3oRyD0X8e.deEZvtK4g34Wpv3m.zgE8QiF3m21SDGDnvqHAMtonqkR8O 3VHyzKQym75L2hdUDHsNT_ngTUgnUM5RPbzUndhxd.jL5oKSsj8xY81731pd TEOwtS2M1yiJRd4Kv9qOABP2EjjJSD3J36WR0rTOJ6UKLRjwupsWtX2KIGzK UhFRgm36_OXbIrnmr4HiLQ0tPrOrPwsuFaltMfuoZUOpEFDqmYKGxdL0N149 FSDCBa0bjRpdFO5DMzwGEUfgq0SWKBXz4nybLMkBmX5sefYvHVvYJeieR0G6 eZAE.TPNh8Bvh_bgfTQLLv_UCx6AkC2VBvVo7QIFSRqbW8HoLj_C8S2Gf5QY WwneuWI6S2tHU_DEtMcSRjWmLS7Ix82VzqMrocG.x3nv9meh8HkbCpwKCpFB fLjTl8arA0pl4MNfj_LMIp8QcEPLUdogiCvkvYzxpzCx2TQPuH6c2ofulrga JbnM2djAJGwI6VtG.nEVH.zEO0yOq41TWn_lMakBgDsvdGU_Ig59X4yOKWrz wkmfPP1DvUANNK6OSjHn4r_mZK3vwbMVZF9QQugTZaqt5Yl2GcSXu2t8jLNU czh4_PzvtElqumBkfpuU-
Received: from [] by via HTTP; Mon, 24 Mar 2014 13:06:53 PDT
X-Rocket-MIMEInfo: 002.001, R29vZ2xlIHVzZWQgWE9BVVRIIGZvciBpdCdzIG9yaWdpbmFsIE9BdXRoIDEuMGEgYmFzZWQgbWVjaGFuaXNtLiDCoFRoZXkgdXNlZCBYT0FVVEgyIHRvIHNwZWNpZmljYWxseSBub3QgY29uZmxpY3Qgd2l0aCB3aGF0ZXZlciBuYW1lIHdlIHN0YW5kYXJkaXplZCBvbiBmb3IgdGhlIG1lY2hhbmlzbSBhcyBzdGFuZGFyZGl6ZWQuCgpUaGV5IHBsYW4sIGFjY29yZGluZyB0byBSeWFuIHdobydzIGJlZW4gcGFydGljaXBhdGluZyBvbiBsaXN0LCB0byBpbXBsZW1lbnQgdGhlIHN0YW5kYXJkaXplZCBtZWNoYW5pc20BMAEBAQE-
X-Mailer: YahooMailWebService/
References: <> <>
Message-ID: <>
Date: Mon, 24 Mar 2014 13:06:53 -0700 (PDT)
From: Bill Mills <>
To: Stephen Farrell <>, "" <>, "" <>, "iana-questions@ietf.corg" <iana-questions@ietf.corg>
In-Reply-To: <>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="905790552-1643390876-1395691613=:66133"
Subject: Re: [OAUTH-WG] Fwd: [kitten] [IANA #731918] SASL mechanism not listed
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Bill Mills <>
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 24 Mar 2014 20:06:56 -0000

Google used XOAUTH for it's original OAuth 1.0a based mechanism.  They used XOAUTH2 to specifically not conflict with whatever name we standardized on for the mechanism as standardized.

They plan, according to Ryan who's been participating on list, to implement the standardized mechanism definition under the OAUTHBEARER mechanism name so there should be no conflict.



On Monday, March 24, 2014 12:34 PM, Stephen Farrell <> wrote:

See below. I think (not quite sure) that this is better
discussed on the kitten list.


-------- Original Message --------
Subject: [kitten] [IANA #731918] SASL mechanism not listed
Date: Mon, 24 Mar 2014 19:33:06 +0000
From: Stephen Farrell <>
To: <>
CC: <>


IANA were asked the following question a while back, but I
dropped the ball;-)

I'd appreciate your thoughts on the matter. I'm not quite
sure which registries are meant exactly though.

(I'll also forward to the oauth WG, but not cross-post)



The following draft describes a SASL mechanism that is in use on
GMail and should not therefore be allocated to another scheme unless
we want bad things to happen.

The strings XOAUTH and XOAUTH2 are also being used for a preliminary
version of the OAUTH spec as well.

The reason Google is using this particular mechanism rather than
PLAIN is that it is the one that has the widest client support:

So it would be a real disaster if this particular code point was re-issued.

It would probably be a good idea if every registry had a list of 'dirty'
code points that must not be reused because there are existing applications.


Kitten mailing list

OAuth mailing list