[OAUTH-WG] Section 3.2 in draft-sakimura-oauth-tcse-03

Sergey Beryozkin <sberyozkin@gmail.com> Wed, 14 May 2014 11:38 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/iQ8yGp_uP0uWdXRN88lJ1lEE7LE

Hi

Section 3.2 [1] mentions that "If the algorithm is
registered, the server MUST reject any request that does not conform
to the algorithm"

I wonder if this text adds anything extra in addition to what Section 
3.7 [2] says, where the server is required to reject the request if the 
verifier and the challenge do not match?

I don't understand how registering the supported algorithms helps, given 
that the client only provides a code_verifier.

Thanks, Sergey


[1] http://tools.ietf.org/html/draft-sakimura-oauth-tcse-03#section-3.2
[2] http://tools.ietf.org/html/draft-sakimura-oauth-tcse-03#section-3.7