[OAUTH-WG] PKCE/SPOP

John Bradley <ve7jtb@ve7jtb.com> Mon, 02 February 2015 00:07 UTC

From: John Bradley <ve7jtb@ve7jtb.com>
Date: Sun, 01 Feb 2015 21:07:01 -0300
Message-Id: <5CB2DAD4-1C61-4910-A866-4C18F4A9A3FE@ve7jtb.com>
To: Nat Sakimura <sakimura@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/gXEzG1TAwzM_883TNdSBkAz-V1Y>
Cc: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] PKCE/SPOP

https://bitbucket.org/Nat/oauth-spop/raw/cd8b86496fb59261103143c246658da06e99c225/draft-ietf-oauth-spop-00.txt

I made some edits to the copy in bitbucket.

I changed the reference for unreserved URI characters to RFC3986.  The Base64 spec we were pointing to is slightly different.
The change allows someone in the future to define a new code_challenge_method that would allow a JWT to be valid.
We unintentionally precluded the use of the “.” in code_challenge and code_verifier. 

I also added an appendix B to show the steps of S256 in a way someone could use as a test vector.

Appendix B is a first cut at it, so give me feedback, and I can push it to the document tracker later in the week.


John B.
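The S256 steps the message refers to, worked through as an added example. This is not the draft's Appendix B and not the author's code; it shows the client-side derivation code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) without padding, the RFC 3986 unreserved-character check that now admits "." in both values, and the matching verification an authorization server performs. The 43..128 character length bounds and the test vector used in the check at the bottom are taken from RFC 7636 (the published successor of this draft) and are assumptions relative to the -00 text linked above; the JWT-shaped sample string is constructed here only to show that the character check accepts dots.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 3986 "unreserved" characters: ALPHA / DIGIT / "-" / "." / "_" / "~".
# Note that "." is a member, which the Base64 alphabets alone would not admit.
# The 43..128 length bound is the one RFC 7636 settled on (assumption w.r.t. -00).
_UNRESERVED_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def is_unreserved_token(value: str) -> bool:
    """True if value is 43..128 characters drawn only from the unreserved set."""
    return _UNRESERVED_RE.fullmatch(value) is not None


def b64url_nopad(data: bytes) -> str:
    """base64url encoding with the trailing '=' padding removed."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier(n_bytes: int = 32) -> str:
    """Client: 32 random octets -> 43-character base64url string (inside the unreserved set)."""
    return b64url_nopad(secrets.token_bytes(n_bytes))


def s256_challenge(code_verifier: str) -> str:
    """Client: S256 transform, BASE64URL-ENCODE(SHA256(ASCII(code_verifier))), no padding."""
    if not is_unreserved_token(code_verifier):
        raise ValueError("code_verifier outside the unreserved set or length bounds")
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return b64url_nopad(digest)


def server_verify(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    """Authorization server: recompute the challenge from the presented verifier
    and compare it with the value stored at authorization time, in constant time."""
    if not is_unreserved_token(presented_verifier):
        return False
    if method == "S256":
        expected = s256_challenge(presented_verifier)
    elif method == "plain":
        expected = presented_verifier
    else:
        return False  # unknown code_challenge_method: reject rather than guess
    return hmac.compare_digest(expected.encode("ascii"), stored_challenge.encode("ascii"))


# Test vector published in RFC 7636 Appendix B (assumption: may differ from the -00 appendix).
RFC7636_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC7636_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"

# Constructed sample with the three dot-separated segments of a compact JWS; only the
# character-set check is exercised here, no JWT-based challenge method is implied.
JWT_SHAPED_SAMPLE = "eyJhbGciOiJub25lIn0." + "eyJzdWIiOiJ4In0." + "c2lnbmF0dXJl"


def demo() -> dict:
    """Run the client and server halves once and report the observations."""
    verifier = new_code_verifier()
    challenge = s256_challenge(verifier)
    tampered = verifier[:-1] + ("A" if verifier[-1] != "A" else "B")
    return {
        "vector_matches": s256_challenge(RFC7636_VERIFIER) == RFC7636_CHALLENGE,
        "verifier_len": len(verifier),
        "accepts_correct": server_verify(challenge, "S256", verifier),
        "rejects_tampered": server_verify(challenge, "S256", tampered),
        "rejects_wrong_method": server_verify(challenge, "plain", verifier),
        "dots_allowed": is_unreserved_token(JWT_SHAPED_SAMPLE),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The server side compares with hmac.compare_digest so that a mismatching verifier is rejected in time independent of where the first differing byte lies, and an unrecognised code_challenge_method is refused rather than treated as plain.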