IETF Logo Mail Archive

Re: [OAUTH-WG] Signature crypto

Breno <breno.demedeiros@gmail.com> Thu, 26 November 2009 04:31 UTC

Return-Path: <breno.demedeiros@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4FEB93A6B68 for <oauth@core3.amsl.com>; Wed, 25 Nov 2009 20:31:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZNs9t2cHzO+M for <oauth@core3.amsl.com>; Wed, 25 Nov 2009 20:31:09 -0800 (PST)
Received: from mail-yw0-f185.google.com (mail-yw0-f185.google.com [209.85.211.185]) by core3.amsl.com (Postfix) with ESMTP id 314EB3A69BE for <oauth@ietf.org>; Wed, 25 Nov 2009 20:31:09 -0800 (PST)
Received: by ywh15 with SMTP id 15so371817ywh.5 for <oauth@ietf.org>; Wed, 25 Nov 2009 20:31:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=nsjoLZ7sM6rE/WpCy9yBAc6Q3JWcLdSb5O63ayccn8g=; b=P2tu/6+nJeH2CbDZMOXt9eHtjlUT4NKtitxrAg0yAdBGybv0/co7v4HJfQG7EghyZz a9rBnqeAkzt1xg2Vo+BceKLw3Tn83wJv664djCc5sOLH9rGHs5e1QctfsWnYXEtNkviS b5qP5z0j8aHlnjWj4qs7gz1N/j1a3EJD+A3gI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=FtgGnGXQr4uK+o3Vb1hXU1mCe2AnEPnWGiLJnBnr0UD5MIW5i/6ZOwx5q+AtkdNIJZ HfTqBy10J9qxTzMo3pmZTfcmkbvgpCb2Ef3vnIap3W3d2VKWhq0RaroO3c0Prbn/776x D2SHQR8jbwk3yHqWh/7N/DrxnnAueYjgBWOsY=
MIME-Version: 1.0
Received: by 10.101.129.1 with SMTP id g1mr5643248ann.124.1259209859300; Wed, 25 Nov 2009 20:30:59 -0800 (PST)
In-Reply-To: <f98165700911252030xdaa3aa5jfaaa575fd944bab9@mail.gmail.com>
References: <90C41DD21FB7C64BB94121FBBC2E72343785183009@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4B0D3698.8070706@cs.tcd.ie> <90C41DD21FB7C64BB94121FBBC2E72343785209782@P3PW5EX1MB01.EX1.SECURESERVER.NET> <f98165700911252030xdaa3aa5jfaaa575fd944bab9@mail.gmail.com>
Date: Wed, 25 Nov 2009 20:30:59 -0800
Message-ID: <f98165700911252030x3a586c38i82c66b69fe3c0719@mail.gmail.com>
From: Breno <breno.demedeiros@gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Content-Type: multipart/alternative; boundary="0016e68dd5f25c85ed04793ea442"
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Signature crypto
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Nov 2009 04:31:10 -0000

I meant 'John Panzer suggested' rather than 'John Panzer managed'

If I were not in the habit of sending clarification messages I would blame
it on the flu I'm recovering from.

On Wed, Nov 25, 2009 at 8:30 PM, Breno <breno.demedeiros@gmail.com> wrote:

> John Panzer managed that mandated implementation is not the same as
> mandated support. We could require all OAuth compliant libraries to include
> support for a particular hash algorithm (to facilitate interoperability
> testing) but make it clear that no service provider is required to support
> it.
>
> Without a mandatory implemented algorithm it can be difficult to weed out
> bugs by interoperability exercises among different libraries.
>
>
> On Wed, Nov 25, 2009 at 8:19 AM, Eran Hammer-Lahav <eran@hueniverse.com>wrote:
>
>> Mandating a baseline is still something we don't have consensus on. What I
>> meant is that we agreed to allow crypto negotiation and therefore need a way
>> to manage the algorithm names somehow. Looks like the IANA registry
>> mentioned is the way to go.
>>
>> EHL
>>
>> > -----Original Message-----
>> > From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
>> > Sent: Wednesday, November 25, 2009 5:52 AM
>> > To: Eran Hammer-Lahav
>> > Cc: OAuth WG (oauth@ietf.org)
>> > Subject: Re: [OAUTH-WG] Signature crypto
>> >
>> >
>> >
>> > Eran Hammer-Lahav wrote:
>> > > I think we have consensus that the spec should not mandate a
>> particular
>> > hash algorithm. This still leave the issue of assigning algorithms short
>> names
>> > for the purpose of negotiation and declaration. Is there a registry
>> available
>> > for such algorithms we can use or do we need to create a new one?
>> >
>> > Sorry to have missed out on the thread where that was discussed, but
>> it'd be
>> > odd for an IETF security spec to not mandate some algorithms and quite
>> likely
>> > to generate comments later in the process if there's no well-defined way
>> to
>> > ensure interop. Do we have that?
>> >
>> > Ta,
>> > S.
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
>
>
> --
> Breno de Medeiros
>
>


-- 
Breno de Medeiros

v2.23.0 | Report a Bug | By Email