Re: [OAUTH-WG] Shepherd Writeup for draft-ietf-oauth-spop-06.txt

Brian Campbell <bcampbell@pingidentity.com> Tue, 17 February 2015 22:17 UTC

When we did the implementation there was no S256 transformation defined or
made MTI for the server. I'm pretty sure it was
http://tools.ietf.org/html/draft-sakimura-oauth-tcse-03

Thus, our server supports only the "no transformation" (as it was called
then) or the "plain" code_challenge_method (as it's called now).

It is compatible with the latest version of the draft for a client using
the "plain" code_challenge_method (thank you to everyone for maintaining
that). But wouldn't work for the "S256" code_challenge_method as it didn't
exist at the time we implemented.

On Tue, Feb 17, 2015 at 9:49 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> Hi Brian,
>
> what is different between the version you guys implemented and the
> version that is currently documented in the latest version of the draft?
>
> Ciao
> Hannes
>
>
> On 01/30/2015 06:50 PM, Brian Campbell wrote:
> >
> > On Tue, Jan 27, 2015 at 9:24 AM, Hannes Tschofenig
> > <hannes.tschofenig@gmx.net> wrote:
> >
> >
> >     1) What implementations of the spec are you aware of?
> >
> >
> > We have an AS side implementation of an earlier draft that was released
> > in June of last year:
> >
> > http://documentation.pingidentity.com/pages/viewpage.action?pageId=26706844
>
>
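The compatibility situation described in the message above, as an added example that is not part of the original email and is not Ping Identity's code: an authorization server that only knows "plain" works with a "plain" client but cannot serve an "S256" client, while a server supporting both can. The `AuthorizationServer` class, its method names and the sample verifier are assumptions made for illustration.

```python
import base64
import hashlib
import hmac


def s256_challenge(code_verifier: str) -> str:
    """S256 transformation: base64url(SHA-256(ASCII(verifier))), no padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class UnsupportedChallengeMethod(Exception):
    """Raised when a client asks for a code_challenge_method the AS lacks."""


class AuthorizationServer:
    """Hypothetical AS keeping only the state needed for the challenge check."""

    def __init__(self, supported_methods):
        self.supported = frozenset(supported_methods)
        self._pending = {}  # authorization code -> (challenge, method)

    def authorize(self, code, code_challenge, code_challenge_method):
        # Reject unknown methods up front instead of silently treating
        # an S256 challenge as if it were a plain one.
        if code_challenge_method not in self.supported:
            raise UnsupportedChallengeMethod(code_challenge_method)
        self._pending[code] = (code_challenge, code_challenge_method)

    def redeem(self, code, code_verifier):
        entry = self._pending.pop(code, None)  # codes are single use
        if entry is None:
            return False
        challenge, method = entry
        derived = code_verifier if method == "plain" else s256_challenge(code_verifier)
        return hmac.compare_digest(derived.encode(), challenge.encode())


def demo():
    verifier = "constructed-verifier-for-illustration-0123456789"  # constructed sample
    legacy = AuthorizationServer({"plain"})            # server built before S256 existed
    current = AuthorizationServer({"plain", "S256"})
    results = {}
    legacy.authorize("c1", verifier, "plain")
    results["plain_on_legacy"] = legacy.redeem("c1", verifier)
    try:
        legacy.authorize("c2", s256_challenge(verifier), "S256")
        results["s256_on_legacy"] = "accepted"
    except UnsupportedChallengeMethod:
        results["s256_on_legacy"] = "rejected"
    current.authorize("c3", s256_challenge(verifier), "S256")
    results["s256_on_current"] = current.redeem("c3", verifier)
    current.authorize("c4", s256_challenge(verifier), "S256")
    results["wrong_verifier"] = current.redeem("c4", verifier + "x")
    return results
```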