Re: [OAUTH-WG] MAC Tokens body hash
Barry Leiba <barryleiba@computer.org> Wed, 03 August 2011 00:28 UTC
Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1169D11E810F for <oauth@ietfa.amsl.com>; Tue, 2 Aug 2011 17:28:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.054
X-Spam-Level:
X-Spam-Status: No, score=-103.054 tagged_above=-999 required=5 tests=[AWL=-0.077, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P0R5J6Fx8OMh for <oauth@ietfa.amsl.com>; Tue, 2 Aug 2011 17:28:15 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id 79AEC11E810E for <oauth@ietf.org>; Tue, 2 Aug 2011 17:28:15 -0700 (PDT)
Received: by gyd5 with SMTP id 5so215943gyd.31 for <oauth@ietf.org>; Tue, 02 Aug 2011 17:28:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=G9Jrmca4LifFi+xVL+Y3IuGN1M65q+vvHdeULsfVCYU=; b=M3j2y9Pu25TzW5TZan0yu6eOIU5GLrn1myCCrg3zn2ykk6YKxPbimeChePHGNSLTyG dpAOzwN90F4rlmSL3MIy/3+azl49tV/KT7b1na1XG1Ls0hOg4Iz9NNNJ/DEQ10c+tOwH a3tOc9xX2p2rbQ7V+dxjfa9fRI+QkMN8Hqj9E=
MIME-Version: 1.0
Received: by 10.236.189.97 with SMTP id b61mr30671yhn.482.1312331304621; Tue, 02 Aug 2011 17:28:24 -0700 (PDT)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.147.38.7 with HTTP; Tue, 2 Aug 2011 17:28:24 -0700 (PDT)
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723450245F63D7@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <90C41DD21FB7C64BB94121FBBC2E723450245F611B@P3PW5EX1MB01.EX1.SECURESERVER.NET> <1312213271.20715.YahooMailNeo@web31813.mail.mud.yahoo.com> <90C41DD21FB7C64BB94121FBBC2E723450245F61F2@P3PW5EX1MB01.EX1.SECURESERVER.NET> <1312214803.15068.YahooMailNeo@web31801.mail.mud.yahoo.com> <62E9072B-6687-4906-9241-717D6EBD8167@oracle.com> <90C41DD21FB7C64BB94121FBBC2E723450245F63D7@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Tue, 02 Aug 2011 20:28:24 -0400
X-Google-Sender-Auth: L6irRFyjWuzsXtFnDWveixWuURE
Message-ID: <CAC4RtVD2JxfYbomwdX=c43bugBQ-82Uymj+B7WK0zhe98HEyXA@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] MAC Tokens body hash
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2011 00:28:16 -0000
On Tue, Aug 2, 2011 at 2:22 AM, Eran Hammer-Lahav <eran@hueniverse.com> wrote: > I am going to drop both ‘bodyhash’ and ‘ext’, and instead add ‘app’. ‘app’ > allows you to include any data you want. ‘ext’ without an internal format > and register is just asking for trouble, and I have no intention of adding > that level of complexity. There are other proposals in the IETF for full > HTTP message signatures, and I’ll leave these more complex use cases to > them. > > If you can demonstrate actual need (with examples) of both ‘app’ and ‘ext’, > I’m willing to reconsider but you can clearly accomplish the same end result > with just one, application-specific parameter. Just a word of process stuff, here: draft-ietf-oauth-v2-http-mac is a working group document, not an individual submission. That means that the working group decides what gets changed, and we need to see consensus to make a change like this. "I am going to", "I have no intention of", and "I'm willing to reconsider" aren't appropriate. It might be that making this change is the right thing to do, but so far we have no one voicing support for the change (Skylar responded favourably to the initial message, but no one's supported removing "ext" in favour of "app"). Let's have more discussion before any decisions are made. And, in general, for all documents, let's please have editors making suggestions, not pronouncements. Tone is important. Barry, as chair
- [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash William J. Mills
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash William J. Mills
- Re: [OAUTH-WG] MAC Tokens body hash Phil Hunt
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Phil Hunt
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Skylar Woodward
- Re: [OAUTH-WG] MAC Tokens body hash Barry Leiba
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Phillip Hunt
- Re: [OAUTH-WG] MAC Tokens body hash William J. Mills
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Phil Hunt
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash William J. Mills
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash William J. Mills
- Re: [OAUTH-WG] MAC Tokens body hash Eran Hammer-Lahav
- Re: [OAUTH-WG] MAC Tokens body hash Phillip Hunt