Re: [OAUTH-WG] Signature crypto
Breno <breno.demedeiros@gmail.com> Thu, 26 November 2009 04:31 UTC
Return-Path: <breno.demedeiros@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4FEB93A6B68 for <oauth@core3.amsl.com>; Wed, 25 Nov 2009 20:31:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZNs9t2cHzO+M for <oauth@core3.amsl.com>; Wed, 25 Nov 2009 20:31:09 -0800 (PST)
Received: from mail-yw0-f185.google.com (mail-yw0-f185.google.com [209.85.211.185]) by core3.amsl.com (Postfix) with ESMTP id 314EB3A69BE for <oauth@ietf.org>; Wed, 25 Nov 2009 20:31:09 -0800 (PST)
Received: by ywh15 with SMTP id 15so371817ywh.5 for <oauth@ietf.org>; Wed, 25 Nov 2009 20:31:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=nsjoLZ7sM6rE/WpCy9yBAc6Q3JWcLdSb5O63ayccn8g=; b=P2tu/6+nJeH2CbDZMOXt9eHtjlUT4NKtitxrAg0yAdBGybv0/co7v4HJfQG7EghyZz a9rBnqeAkzt1xg2Vo+BceKLw3Tn83wJv664djCc5sOLH9rGHs5e1QctfsWnYXEtNkviS b5qP5z0j8aHlnjWj4qs7gz1N/j1a3EJD+A3gI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=FtgGnGXQr4uK+o3Vb1hXU1mCe2AnEPnWGiLJnBnr0UD5MIW5i/6ZOwx5q+AtkdNIJZ HfTqBy10J9qxTzMo3pmZTfcmkbvgpCb2Ef3vnIap3W3d2VKWhq0RaroO3c0Prbn/776x D2SHQR8jbwk3yHqWh/7N/DrxnnAueYjgBWOsY=
MIME-Version: 1.0
Received: by 10.101.129.1 with SMTP id g1mr5643248ann.124.1259209859300; Wed, 25 Nov 2009 20:30:59 -0800 (PST)
In-Reply-To: <f98165700911252030xdaa3aa5jfaaa575fd944bab9@mail.gmail.com>
References: <90C41DD21FB7C64BB94121FBBC2E72343785183009@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4B0D3698.8070706@cs.tcd.ie> <90C41DD21FB7C64BB94121FBBC2E72343785209782@P3PW5EX1MB01.EX1.SECURESERVER.NET> <f98165700911252030xdaa3aa5jfaaa575fd944bab9@mail.gmail.com>
Date: Wed, 25 Nov 2009 20:30:59 -0800
Message-ID: <f98165700911252030x3a586c38i82c66b69fe3c0719@mail.gmail.com>
From: Breno <breno.demedeiros@gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Content-Type: multipart/alternative; boundary="0016e68dd5f25c85ed04793ea442"
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Signature crypto
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Nov 2009 04:31:10 -0000
I meant 'John Panzer suggested' rather than 'John Panzer managed' If I were not in the habit of sending clarification messages I would blame it on the flu I'm recovering from. On Wed, Nov 25, 2009 at 8:30 PM, Breno <breno.demedeiros@gmail.com> wrote: > John Panzer managed that mandated implementation is not the same as > mandated support. We could require all OAuth compliant libraries to include > support for a particular hash algorithm (to facilitate interoperability > testing) but make it clear that no service provider is required to support > it. > > Without a mandatory implemented algorithm it can be difficult to weed out > bugs by interoperability exercises among different libraries. > > > On Wed, Nov 25, 2009 at 8:19 AM, Eran Hammer-Lahav <eran@hueniverse.com>wrote: > >> Mandating a baseline is still something we don't have consensus on. What I >> meant is that we agreed to allow crypto negotiation and therefore need a way >> to manage the algorithm names somehow. Looks like the IANA registry >> mentioned is the way to go. >> >> EHL >> >> > -----Original Message----- >> > From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] >> > Sent: Wednesday, November 25, 2009 5:52 AM >> > To: Eran Hammer-Lahav >> > Cc: OAuth WG (oauth@ietf.org) >> > Subject: Re: [OAUTH-WG] Signature crypto >> > >> > >> > >> > Eran Hammer-Lahav wrote: >> > > I think we have consensus that the spec should not mandate a >> particular >> > hash algorithm. This still leave the issue of assigning algorithms short >> names >> > for the purpose of negotiation and declaration. Is there a registry >> available >> > for such algorithms we can use or do we need to create a new one? >> > >> > Sorry to have missed out on the thread where that was discussed, but >> it'd be >> > odd for an IETF security spec to not mandate some algorithms and quite >> likely >> > to generate comments later in the process if there's no well-defined way >> to >> > ensure interop. Do we have that? >> > >> > Ta, >> > S. >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > > > > -- > Breno de Medeiros > > -- Breno de Medeiros
- [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Peter Saint-Andre
- Re: [OAUTH-WG] Signature crypto Stephen Farrell
- Re: [OAUTH-WG] Signature crypto Infinity Linden (Meadhbh Hamrick)
- Re: [OAUTH-WG] Signature crypto Hubert Le Van Gong
- Re: [OAUTH-WG] Signature crypto Vrancken Bart bv
- Re: [OAUTH-WG] Signature crypto Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Stephen Farrell
- Re: [OAUTH-WG] Signature crypto Stephen Farrell
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Infinity Linden (Meadhbh Hamrick)
- Re: [OAUTH-WG] Signature crypto John Kemp
- Re: [OAUTH-WG] Signature crypto Brian Eaton
- Re: [OAUTH-WG] Signature crypto Ben Laurie
- Re: [OAUTH-WG] Signature crypto Breno
- Re: [OAUTH-WG] Signature crypto Breno
- Re: [OAUTH-WG] Signature crypto Manger, James H
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Breno
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Breno
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Breno
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Brian Eaton
- Re: [OAUTH-WG] Signature crypto Breno
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Breno
- Re: [OAUTH-WG] Signature crypto Breno
- Re: [OAUTH-WG] Signature crypto Stephen Farrell
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Brian Eaton
- Re: [OAUTH-WG] Signature crypto Breno
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Paul C. Bryan
- Re: [OAUTH-WG] Signature crypto stephen.farrell
- Re: [OAUTH-WG] Signature crypto Breno
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Eran Hammer-Lahav
- Re: [OAUTH-WG] Signature crypto Richard Barnes
- Re: [OAUTH-WG] Signature crypto Breno
- Re: [OAUTH-WG] Signature crypto Richard L. Barnes