Re: [OAUTH-WG] proposal for signatures
Breno <breno.demedeiros@gmail.com> Fri, 25 June 2010 18:01 UTC
To: Luke Shepard <lshepard@facebook.com>
Cc: "Hannes.Tschofenig@gmx.net" <Hannes.Tschofenig@gmx.net>, OAuth WG <oauth@ietf.org>

On Fri, Jun 25, 2010 at 10:51 AM, Luke Shepard <lshepard@facebook.com> wrote:
>> What's the purpose of leaving out the key ID?
> It's one more field that developers have to learn and configure and type in.
> We should keep the simple case simple, while allowing for more complex
> cases. I think the fact that many providers now offer only a single, shared
> secret is an indication that the key ID is not required.

Are you arguing here that the key_id should be an optional field, or that it should not be part of the specification at all?

> On Jun 25, 2010, at 7:40 AM, Breno wrote:
>
> Key ids are an optimization in the case of rotating public keys, but pretty
> much an operational requirement if you wish to support automatic rotation of
> shared keys.
>
> On Jun 23, 2010 2:56 AM, "Ben Laurie" <benl@google.com> wrote:
>
> On 22 June 2010 21:45, David Recordon <recordond@gmail.com> wrote:
>> Hey Dick, in answering my quest...
>
> I don't understand why they are unnecessary no matter how keys are
> managed: if there's ever a possibility that you might have more than
> one key for someone, then key IDs are a useful optimisation.
>
> Put it another way: what's the purpose of leaving out the key ID?
>
>> And yes, Applied Cryptography is worth reading. :)
>>
>> --David
>>
>>
>> On Tue, Jun 22, 2010 at 12:5...
>
> <ATT00001..txt>
>

--
Breno de Medeiros
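
The trade-off debated in this thread, as an added example that is not part of the original message or of any OAuth draft: a verifier holding two overlapping shared secrets during rotation, checked once with a key ID and once without. The `KeyRing` class, the key IDs, the secrets and the request string are all constructed for illustration, and HMAC-SHA256 is an assumed choice of MAC.

```python
import hashlib
import hmac

class KeyRing:
    """Shared secrets for one client; several overlap during rotation."""

    def __init__(self):
        self._keys = {}        # key_id -> secret bytes, oldest first
        self._current = None   # key_id used for new signatures

    def rotate(self, key_id, secret):
        """Add a new signing key; older keys stay valid until retired."""
        self._keys[key_id] = secret
        self._current = key_id

    def retire(self, key_id):
        self._keys.pop(key_id, None)

    def sign(self, message):
        """Return (key_id, hex MAC) under the current key."""
        mac = hmac.new(self._keys[self._current], message, hashlib.sha256)
        return self._current, mac.hexdigest()

    def verify(self, message, signature, key_id=None):
        """Return (matching key_id or None, number of MACs computed)."""
        if key_id is not None:
            # Direct lookup: an unknown or retired id fails immediately.
            candidates = [key_id] if key_id in self._keys else []
        else:
            # No id supplied: trial verification, newest key first.
            candidates = list(reversed(list(self._keys)))
        for tried, kid in enumerate(candidates, 1):
            expected = hmac.new(self._keys[kid], message, hashlib.sha256).hexdigest()
            if hmac.compare_digest(expected, signature):
                return kid, tried
        return None, len(candidates)

def demo():
    ring = KeyRing()
    ring.rotate("2010-05", b"constructed-secret-may")    # constructed sample key
    msg = b"GET /resource?x=1"                           # constructed sample request
    old_kid, old_sig = ring.sign(msg)                    # signed before rotation
    ring.rotate("2010-06", b"constructed-secret-june")   # overlap window begins
    with_id = ring.verify(msg, old_sig, key_id=old_kid)
    without_id = ring.verify(msg, old_sig)
    ring.retire("2010-05")                               # overlap window ends
    after_retire = ring.verify(msg, old_sig, key_id=old_kid)
    return with_id, without_id, after_retire
```

Without the ID the verifier computes one MAC per live key until one matches, so verification cost and the number of secrets tested against each incoming signature both grow with the length of the rotation window.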