Re: [OAUTH-WG] Proposal: OAuth 1.0 signature in core with revision

Dick Hardt <dick.hardt@gmail.com> Mon, 27 September 2010 15:53 UTC

On 2010-09-27, at 8:14 AM, Eran Hammer-Lahav wrote:

> That goes without saying.

No, it does not. We are talking about normative specifications.

> Yes. Does this satisfy your concerns?

Depends on the quality of the extension mechanism. 

Many of the people wanting signing want something stronger or more flexible than the OAuth 1.0A mechanism, so I remain concerned that this approach will satisfy them. Interested to see what the signing proponents say.

-- Dick