Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-http-mac-01

William Mills <wmills_92105@yahoo.com> Thu, 09 August 2012 20:47 UTC

Message-ID: <1344545250.38511.YahooMailNeo@web31801.mail.mud.yahoo.com>
Date: Thu, 09 Aug 2012 13:47:30 -0700
From: William Mills <wmills_92105@yahoo.com>
To: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <E3386483-222B-4B71-ADD4-0E8C0C0E18ED@gmail.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-http-mac-01

Mostly it's around making sure you get the signature base string constructed right in my experience.


________________________________
 From: Dick Hardt <dick.hardt@gmail.com>
To: William Mills <wmills_92105@yahoo.com> 
Cc: Dick Hardt <dick.hardt@gmail.com>; "oauth@ietf.org" <oauth@ietf.org> 
Sent: Thursday, August 9, 2012 12:48 PM
Subject: Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-http-mac-01
 

As an implementer, I have an app that accesses 10 different resources. Some are OAuth 1.0A, some are a variant of OAuth 2. All have a slightly different code path since each resource is its own beautiful snowflake. I did not use any libraries for OAuth 2. Supporting MAC would give me yet another library to integrate with.

I'd be interested in what signing problems OAuth 1.0A has. I have my own list of how writing to OAuth 1.0A is hard.



On Aug 9, 2012, at 10:53 AM, William Mills wrote:

>MAC fixes the signing problems encountered in OAuth 1.0a; yes, there are libraries out there for OAuth 1.0a.  MAC fits into the OAuth 2 auth model and will provide for a single codepath for sites that want to use both Bearer and MAC.
>
>
>
>________________________________
> From: Dick Hardt <dick.hardt@gmail.com>
>To: William Mills <wmills_92105@yahoo.com> 
>Cc: "oauth@ietf.org" <oauth@ietf.org> 
>Sent: Thursday, August 9, 2012 10:27 AM
>Subject: Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-http-mac-01
> 
>
>
>
>On Aug 9, 2012, at 9:52 AM, William Mills wrote:
>
>>I find the idea of starting from scratch frustrating.  MAC solves a set of specific problems and has a well-defined use case.  It's symmetric-key based, which doesn't work for some folks, and the question is: do we try to develop something that supports both PK and SK, or finish the SK use case and then work on a PK-based draft.
>>
>>
>>I think it's better to leave them separate and finish out MAC which is *VERY CLOSE* to being done.
>
>Who is interested in MAC? People can use OAuth 1.0 if they prefer that model. 
>
>
>For my projects, I prefer the flexibility of a signed or encrypted JWT if I need holder of key.
>
>
>Just my $.02
>
>
>-- Dick  
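Mills's point at the top of this message, that OAuth 1.0a signing mostly goes wrong in constructing the signature base string, as an added example that is not part of the thread: the RFC 5849 normalization steps where implementations typically diverge (RFC 3986 percent-encoding, sorting by encoded name then value, keeping duplicate names, and encoding the joined parameter string a second time), run over the sample request values from RFC 5849 Section 3.4.1. The client and token secrets are the RFC's sample values too; the expected base string is what the rules yield for that request.

```python
"""RFC 5849 (OAuth 1.0a) signature base string and HMAC-SHA1 signature."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def percent_encode(s: str) -> str:
    # RFC 5849 3.6: only ALPHA / DIGIT / "-" / "." / "_" / "~" stay unescaped;
    # everything else is its UTF-8 bytes as uppercase %XX (space is %20, never "+").
    return quote(s, safe="~")


def base_string_uri(url: str) -> str:
    # RFC 5849 3.4.1.2: lowercase scheme and host, drop default port, drop query.
    u = urlsplit(url)
    scheme, host = u.scheme.lower(), (u.hostname or "").lower()
    if u.port and u.port != {"http": 80, "https": 443}.get(scheme):
        host = f"{host}:{u.port}"
    return f"{scheme}://{host}{u.path or '/'}"


def normalized_parameters(query: str, oauth_params: dict, body: str = "") -> str:
    # RFC 5849 3.4.1.3: collect decoded pairs from the query, the form-encoded
    # body and the Authorization header (realm and oauth_signature excluded),
    # percent-encode each name and value, sort by name then value, and join.
    pairs = parse_qsl(query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    pairs += [(k, v) for k, v in oauth_params.items()
              if k not in ("realm", "oauth_signature")]
    encoded = sorted((percent_encode(k), percent_encode(v)) for k, v in pairs)
    return "&".join(f"{k}={v}" for k, v in encoded)


def signature_base_string(method: str, url: str, oauth_params: dict, body: str = "") -> str:
    # RFC 5849 3.4.1.1: METHOD & encode(base URI) & encode(normalized params).
    # The parameter string is encoded again here, so "%20" becomes "%2520".
    parts = [method.upper(), base_string_uri(url),
             normalized_parameters(urlsplit(url).query, oauth_params, body)]
    return "&".join(percent_encode(p) for p in parts)


def hmac_sha1_signature(base_string: str, client_secret: str, token_secret: str = "") -> str:
    # RFC 5849 3.4.2: key is encode(client secret) "&" encode(token secret).
    key = f"{percent_encode(client_secret)}&{percent_encode(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


# Sample request from RFC 5849 Section 3.4.1 (POST with query, form body, header params).
SAMPLE_URL = "http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b"
SAMPLE_BODY = "c2&a3=2+q"
SAMPLE_OAUTH = {"realm": "Example", "oauth_consumer_key": "9djdj82h48djs9d2",
                "oauth_token": "kkk9d7dh3k39sjv7", "oauth_signature_method": "HMAC-SHA1",
                "oauth_timestamp": "137131201", "oauth_nonce": "7d8f3e4a"}

if __name__ == "__main__":
    bs = signature_base_string("POST", SAMPLE_URL, SAMPLE_OAUTH, SAMPLE_BODY)
    print(bs)
    print(hmac_sha1_signature(bs, "j49sk3j29djd", "dh893hdasih9"))
```

A resource server verifying a signature must rebuild this exact string from the request it received, so any disagreement in encoding, sorting or port handling between the two sides shows up as a rejected signature rather than a readable error.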