Re: [OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

Brian Campbell <bcampbell@pingidentity.com> Mon, 30 April 2018 21:20 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 30 Apr 2018 15:19:58 -0600
Message-ID: <CA+k3eCTFDWB9L9ZwE5mAfh=fDVhuWUt5KXbOTUPi7TjWpgXrww@mail.gmail.com>
To: Neil Madden <neil.madden@forgerock.com>
Cc: John Bradley <ve7jtb@ve7jtb.com>, oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/ecCxmLFOdV9qIETXkRyjS3l4abA>

On Mon, Apr 30, 2018 at 9:57 AM, Neil Madden <neil.madden@forgerock.com>
wrote:

>
> > On 30 Apr 2018, at 15:07, John Bradley <ve7jtb@ve7jtb.com> wrote:
>
> > My concern is that people will see a bigger number and decide it is
> better if we define it in the spec.
> > We may be getting people to do additional work and increasing token size
> without a good reason by putting it in the spec directly.
>
> I’m not sure why this is a concern. As previously pointed out, SHA-512 is
> often *faster* than SHA-256, and an extra 32 bytes doesn’t seem worth
> worrying about.
>

Seems like maybe it's worth noting that with JWT, where size can be a
legitimate constraint, those extra bytes end up being base64 encoded
twice.

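Brian's point about the double encoding, worked through as an added example (mine, not code from the thread or from the draft): it assumes a constructed certificate byte string and a hypothetical "x5t#S512" confirmation member name, since the draft defines only "x5t#S256".

```python
import base64
import hashlib
import json

# Constructed stand-in for a client certificate's DER bytes (not a real
# certificate); a real thumbprint hashes the actual DER-encoded certificate.
FAKE_CERT_DER = b"\x30\x82" + bytes(range(256)) * 4
# "x5t#S256" is the confirmation member from draft-ietf-oauth-mtls;
# "x5t#S512" is a hypothetical name used only to measure the size cost.
CNF_MEMBER = {"sha256": "x5t#S256", "sha512": "x5t#S512"}
COMPACT = (",", ":")  # JSON separators without whitespace

def b64url(data: bytes) -> str:
    """base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def thumbprint(cert_der: bytes, algo: str) -> str:
    """Certificate hash, base64url-encoded: the first encoding layer."""
    return b64url(hashlib.new(algo, cert_der).digest())

def build_claims(cert_der: bytes, algo: str) -> dict:
    """Token claims bound to the client certificate through cnf."""
    return {
        "iss": "https://as.example.com",
        "sub": "client-123",
        "cnf": {CNF_MEMBER[algo]: thumbprint(cert_der, algo)},
    }

def encode_jwt(claims: dict) -> str:
    """Header.payload of a JWT (signature omitted): the second base64url
    layer, applied to JSON that already holds the encoded thumbprint."""
    header = b64url(json.dumps({"alg": "ES256"}, separators=COMPACT).encode())
    payload = b64url(json.dumps(claims, separators=COMPACT).encode())
    return f"{header}.{payload}"

def size_delta(cert_der: bytes) -> dict:
    """Extra size SHA-512 costs over SHA-256 at each encoding layer."""
    c256 = build_claims(cert_der, "sha256")
    c512 = build_claims(cert_der, "sha512")
    tp256 = c256["cnf"]["x5t#S256"]
    tp512 = c512["cnf"]["x5t#S512"]
    return {
        "digest_bytes": 64 - 32,                      # raw hash output
        "thumbprint_chars": len(tp512) - len(tp256),  # after first base64url
        "claims_json_bytes": (len(json.dumps(c512, separators=COMPACT))
                              - len(json.dumps(c256, separators=COMPACT))),
        "jwt_chars": len(encode_jwt(c512)) - len(encode_jwt(c256)),  # second
    }
```

The extra 32 digest bytes become 43 characters after the first base64url pass and 57 after the second, which is the growth Brian is pointing at.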