Re: [OAUTH-WG] Understanding the reasoning for Base64
Breno <breno.demedeiros@gmail.com> Fri, 25 June 2010 18:39 UTC
Return-Path: <breno.demedeiros@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 331513A68F9 for <oauth@core3.amsl.com>; Fri, 25 Jun 2010 11:39:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lzj83ZkUEboK for <oauth@core3.amsl.com>; Fri, 25 Jun 2010 11:39:55 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by core3.amsl.com (Postfix) with ESMTP id B4E3D3A6A1E for <oauth@ietf.org>; Fri, 25 Jun 2010 11:39:40 -0700 (PDT)
Received: by gyh4 with SMTP id 4so5523621gyh.31 for <oauth@ietf.org>; Fri, 25 Jun 2010 11:39:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=g2L0ISEbvQ63/WO95qN7KfLDRoraaHq1qmAawXuK9LY=; b=JTZAHwVQv2z1gRWffxpy02q36Y8kgJV3ngbpeZyaIBi66zeH2Cx9qCwcH8dW9psQUC VDdiCysZLdlnFF7NlR/ClbNdDdgApo+pc6CkQ+qUmVnRB30PPH1znKyuuYQCiw3d2rYe ZnDJRNIVC6ZIig4hWkm7IsuLrDrMNjo6rX1z4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=fCZztCeIvSeiq8J2tSkF8geQwNGZMiBHvesQBp14FZW5IfkMqkT01lVBtUhVoIo0fQ D/vRZZ6qSgHbmuXmW5eRG3aIyPQPNXTgjQFK27ioW5TfIvW7ovzAx8srNWC5ZX7TB6Ow kbIXzMrNS1QLPcq2aT1iBAyBoGetzJmCpTbYU=
MIME-Version: 1.0
Received: by 10.101.105.22 with SMTP id h22mr1420331anm.35.1277491189302; Fri, 25 Jun 2010 11:39:49 -0700 (PDT)
Received: by 10.100.225.19 with HTTP; Fri, 25 Jun 2010 11:39:49 -0700 (PDT)
In-Reply-To: <2625894F-2979-40BD-81E1-05A6EB8723CD@facebook.com>
References: <AANLkTimMruKyblUWROkPMDapFKtTztOXqL64PpQxCmKO@mail.gmail.com> <2625894F-2979-40BD-81E1-05A6EB8723CD@facebook.com>
Date: Fri, 25 Jun 2010 11:39:49 -0700
Message-ID: <AANLkTinvLOV0f3I-aWpeAbfIpfGyxZSB2RHu52iw5mDC@mail.gmail.com>
From: Breno <breno.demedeiros@gmail.com>
To: Luke Shepard <lshepard@facebook.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Understanding the reasoning for Base64
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jun 2010 18:39:59 -0000
On Fri, Jun 25, 2010 at 10:49 AM, Luke Shepard <lshepard@facebook.com> wrote:
> Brian, Dirk - just wondering if you had thoughts here?
>
> The only strong reason I can think of for base64 encoding is that it allows for a delimiter between the body and the signature. Is there any other reason?
Without base64 encoding we have to define canonicalization procedures
around spaces and we still have to URL encode separator characters
such as {. There is also the risk that developers might be confused
whether the URL encoding is to be performed before or after
computation of the signature. If you say that the signature is
computed on the base64 encoded blob, there's less scope for confusion
and interoperability issues.
>
> On Jun 24, 2010, at 11:33 AM, Naitik Shah wrote:
>
>> I've been following some of the discussions wrt the new Signature proposal, and I think I get the reason for needing Base64, but wasn't quite sure if I understood it correctly (allows the use of a separator?). Would someone mind elaborating?
>>
>> The payload looks is urlencode(web_base64(json_encode(data))) -- and the urlencode in this case should be an identity function.
>>
>> I'm wondering if urlencode(json_encode(data)) would be acceptable.
>>
>>
>> Thanks,
>> -Naitik
>> <ATT00001..txt>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
--
Breno de Medeiros
- [OAUTH-WG] Understanding the reasoning for Base64 Naitik Shah
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Luke Shepard
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Breno
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Naitik Shah
- Re: [OAUTH-WG] Understanding the reasoning for Ba… John Panzer
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Naitik Shah
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Dick Hardt
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Naitik Shah
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Dick Hardt
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Paul Tarjan
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Dick Hardt
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Naitik Shah
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Ben Laurie
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Dick Hardt
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Dick Hardt
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Luke Shepard
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Naitik Shah
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Dick Hardt
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Evan Gilbert
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Naitik Shah
- Re: [OAUTH-WG] Understanding the reasoning for Ba… Dick Hardt