Re: [OAUTH-WG] Understanding the reasoning for Base64
Dick Hardt <dick.hardt@gmail.com> Sat, 03 July 2010 18:35 UTC
To: Luke Shepard <lshepard@facebook.com>
Cc: OAuth WG <oauth@ietf.org>

On 2010-07-03, at 11:28 AM, Luke Shepard wrote:

>>> > * We'd like the signature first (so you can left split instead of right split)
>>>
>>> What are the advantages of left split vs right split?
>>>
>>> Built in split function with a limit is more common, which makes the left split easier.
>>
>> Size limit I am assuming? Since the size of the signature is known, this makes it safer to have it first? Makes sense to me.
>
> Sounds like we agree on this point at least.

sort of, I don't disagree :)

> The main reason is that it's easier to restrict the delimiter from appearing in the signature than in the payload. This way the delimiter (period) can show up in the payload and a left split can still work.

if each string is base64url, then the period is always the separator

I am still an advocate for a separate string which is the payload. I consider this mechanism to be more generic than OAuth request signatures. I think it can be used for OAuth tokens as well.
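
The signature-first layout discussed in this message, as an added example that is not part of the original e-mail or of any OAuth draft: it compares a left split with a right split when the payload contains periods, and when the payload is itself base64url. HMAC-SHA256, the key and the function names are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"            # assumption: shared secret, sample value
B64URL = re.compile(r"[A-Za-z0-9_-]+")   # unpadded base64url alphabet: no '.'


def b64url(data: bytes) -> str:
    """Unpadded base64url, so the output can never contain the delimiter."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def mac(payload: str, key: bytes) -> str:
    """Assumed signature scheme: base64url(HMAC-SHA256(key, payload))."""
    return b64url(hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest())


def sign(payload: str, key: bytes = KEY) -> str:
    """Build '<signature>.<payload>' with the signature first."""
    return mac(payload, key) + "." + payload


def verify(token: str, key: bytes = KEY, left: bool = True):
    """Return the payload if the signature verifies, otherwise None.

    left=True splits at the first period, left=False at the last one.
    """
    sig, sep, payload = token.partition(".") if left else token.rpartition(".")
    # Reject a missing delimiter or a signature outside the base64url alphabet
    # before doing any cryptographic work.
    if not sep or not B64URL.fullmatch(sig):
        return None
    # Constant-time comparison of the received and recomputed signatures.
    if not hmac.compare_digest(sig, mac(payload, key)):
        return None
    return payload


# Constructed sample payload that contains the delimiter character.
RAW = '{"user":"alice@example.com","v":"1.0"}'
RAW_TOKEN = sign(RAW)                     # raw payload after the signature
ENC_TOKEN = sign(b64url(RAW.encode()))    # payload is base64url as well
```

With the raw payload only the left split recovers it; once both parts are base64url the period can only be the separator, so either split direction yields the same result.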