[OAUTH-WG] HTTP signing spec and nonce

"Brock Allen" <brockallen@gmail.com> Fri, 26 February 2016 14:50 UTC

Return-Path: <brockallen@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 647C61B2D53 for <oauth@ietfa.amsl.com>; Fri, 26 Feb 2016 06:50:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.599
X-Spam-Level:
X-Spam-Status: No, score=-0.599 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kt6wNUxiRDkL for <oauth@ietfa.amsl.com>; Fri, 26 Feb 2016 06:50:15 -0800 (PST)
Received: from mail-pa0-x231.google.com (mail-pa0-x231.google.com [IPv6:2607:f8b0:400e:c03::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10E001B2D52 for <OAuth@ietf.org>; Fri, 26 Feb 2016 06:50:15 -0800 (PST)
Received: by mail-pa0-x231.google.com with SMTP id yy13so52154708pab.3 for <OAuth@ietf.org>; Fri, 26 Feb 2016 06:50:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:message-id:mime-version:thread-index :content-language; bh=6JN5KgcWIxMuZolh19M1FBOk+iwat2OOICi7v6Nj8rU=; b=mDSYLLR+0K7A/hr6+0siI9JcimYs/zg2Q/+T/mlL5hqEZCTG40Up3w1Tnf9CuM6Mcb NN7KLcR2fRilAMSqYkTJO4OMqXqfUsJW2S9XTudrp7XqufOeoJX7dZRqKO3JLK58drpz 1JAuWKGLDYYJQYr/QKzKHctFVQXcBZtsVN604r1RpX0p6B9ZiUz7nwKlh/CRCjYLA1TA LNSAD6hQ7JX8Swq9l7zAvhVaZi/egkgBdDykKD7674yF58u8EUB4vA8d3gryCTiOEfM+ zENIBmnn5KGRiBgDDqeDTOE2FwcCXNhx9PCSREcQik+mPPgFZTzkikJS3juvFIbCHws8 5sKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :thread-index:content-language; bh=6JN5KgcWIxMuZolh19M1FBOk+iwat2OOICi7v6Nj8rU=; b=ANXGuOv0rl6bP/d0dK2NB35d/OisSKUA2iVRrNH2r/4ORkp6r08lq/5tGHykJ17T1e MxC+9zVPhGYgUlPQoN3jp9KXQx76vNvkDaPCajIXiBrtN4XJ4RfwDqvT+2jbIS7db6Jl qOupTc1Q+vyKVkOpSBxcYUX5+zleRl71woQkK1D2t6DiEF/S392YnwBDp7n+Zl+V+7y0 sbzzvnex0rk6A3iiTr5NPfhYiQCaHdk0Xx+sfZ8DTkJI9JxNcwa/8Tr9hEKJAhCI8OD3 zpXUqTxuGZ0HTu9aSiUDaA8YGF9KCMj9qITeB0lUPOric1ZpuKm2G2Y+1/69ztLQPI3/ e0vw==
X-Gm-Message-State: AD7BkJLAEG5LDN4UZOSv+sFa2lp0dS7pJPvGtJFzVL9cwIrumEN/tlyOijTXvm6r65dXLw==
X-Received: by 10.66.150.170 with SMTP id uj10mr2513523pab.91.1456498214692; Fri, 26 Feb 2016 06:50:14 -0800 (PST)
Received: from monk (ip68-9-116-135.ri.ri.cox.net. [68.9.116.135]) by smtp.gmail.com with ESMTPSA id vy6sm20018639pac.38.2016.02.26.06.50.12 for <OAuth@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Fri, 26 Feb 2016 06:50:13 -0800 (PST)
From: "Brock Allen" <brockallen@gmail.com>
To: <OAuth@ietf.org>
Date: Fri, 26 Feb 2016 09:49:54 -0500
Message-ID: <008201d170a4$f5216910$df643b30$@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0083_01D1707B.0C4BFD50"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdFwpNhDZHY7YaWBTMm0eUjuaPDRiA==
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/U1F0foSzrCMqvPV58tmrrpf-RKk>
Subject: [OAUTH-WG] HTTP signing spec and nonce
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2016 14:50:16 -0000

Question about the HTTP signing spec - why is there no nonce (and just a
timestamp)?

 

TIA

 

-Brock