Re: [OAUTH-WG] signatures, v2

Naitik Shah <n@daaku.org> Fri, 16 July 2010 01:46 UTC


On Thu, Jul 15, 2010 at 5:43 PM, Dirk Balfanz <balfanz@google.com> wrote:

>
> One question: What's the deal with having the signature go first? If you
> can explain to me why that is a good idea, I'm happy to oblige.
>
>
When we were talking about base64url or not, putting the signature before
the dot meant it was okay for a dot to show up in the payload in an
unencoded fashion, which was coupled with the fact that lsplit or split with
a limit are more common in standard libraries based on some rough
exploration. But that's not relevant anymore.

Is there a downside to having the signature first? I like it better because
the signature length is predictable, meaning the first X chars will be the
sig, and then the X+1 char will be the dot. I like the consistency it
provides :)


-Naitik
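
The two points made for a signature-first layout, shown as an added example that is not part of the original message or of any OAuth draft. It assumes HMAC-SHA256 with unpadded base64url encoding (so the signature is always 43 characters) and a constructed key and payload; `sign`, `verify` and `SIG_LEN` are hypothetical names.

```python
import base64
import hashlib
import hmac

# Assumption: HMAC-SHA256 tag (32 bytes) -> 43 chars of unpadded base64url.
SIG_LEN = 43

# Constructed sample input; the payload deliberately contains unencoded dots.
KEY = b"constructed-demo-key"
PAYLOAD = '{"user":"alice","site":"example.com","v":"1.0"}'


def b64url(raw: bytes) -> str:
    """Unpadded base64url; its alphabet never contains a dot."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def sign(key: bytes, payload: str) -> str:
    """Return '<sig>.<payload>' with the signature first."""
    tag = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()
    return b64url(tag) + "." + payload


def verify(key: bytes, token: str) -> str:
    """Return the payload if the signature checks out, else raise ValueError."""
    # Split on the first dot only: any later dots belong to the payload.
    sig, sep, payload = token.partition(".")
    # Predictable length: the separator must sit exactly at index SIG_LEN.
    if sep != "." or len(sig) != SIG_LEN:
        raise ValueError("malformed token")
    tag = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()
    # Constant-time comparison of the presented and expected signatures.
    if not hmac.compare_digest(sig.encode("utf-8"), b64url(tag).encode("utf-8")):
        raise ValueError("bad signature")
    return payload


if __name__ == "__main__":
    token = sign(KEY, PAYLOAD)
    print(token)
    print("dot at index:", token.index("."))
    print("unlimited split parts:", len(token.split(".")))
    print("verified payload:", verify(KEY, token))
```
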