Re: [OAUTH-WG] TLS 1.2
Phillip Hunt <phil.hunt@oracle.com> Tue, 16 August 2011 20:29 UTC
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10BBB21F85B8 for <oauth@ietfa.amsl.com>; Tue, 16 Aug 2011 13:29:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.514
X-Spam-Level:
X-Spam-Status: No, score=-2.514 tagged_above=-999 required=5 tests=[AWL=-1.311, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6K82tI1OGSoV for <oauth@ietfa.amsl.com>; Tue, 16 Aug 2011 13:29:50 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id 3E8EB21F85B1 for <oauth@ietf.org>; Tue, 16 Aug 2011 13:29:50 -0700 (PDT)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by rcsinet15.oracle.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id p7GKUXGH003007 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 16 Aug 2011 20:30:35 GMT
Received: from acsmt357.oracle.com (acsmt357.oracle.com [141.146.40.157]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id p7GKUXlX015603 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 16 Aug 2011 20:30:33 GMT
Received: from abhmt118.oracle.com (abhmt118.oracle.com [141.146.116.70]) by acsmt357.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id p7GKUREi009953; Tue, 16 Aug 2011 15:30:27 -0500
Received: from [192.168.1.67] (/24.87.204.3) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 16 Aug 2011 13:30:27 -0700
References: <4E458571.1070500@cdatazone.org> <4E4AC6BA.2090007@cdatazone.org> <1313524116.13419.81.camel@ground> <90C41DD21FB7C64BB94121FBBC2E7234502498D1B0@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4E4ACD53.2010404@stpeter.im>
In-Reply-To: <4E4ACD53.2010404@stpeter.im>
Mime-Version: 1.0 (iPhone Mail 8L1)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"
Message-Id: <A7E2D4CF-0816-4A12-8029-36EB00D0F400@oracle.com>
X-Mailer: iPhone Mail (8L1)
From: Phillip Hunt <phil.hunt@oracle.com>
Date: Tue, 16 Aug 2011 13:30:24 -0700
To: Peter Saint-Andre <stpeter@stpeter.im>
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090201.4E4AD36B.00D3:SCFMA922111,ss=1,re=-4.000,fgs=0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] TLS 1.2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2011 20:29:51 -0000
+1 Phil On 2011-08-16, at 13:04, Peter Saint-Andre <stpeter@stpeter.im> wrote: > How's this? > > The authorization server MUST support Transport Layer Security > (at the time of this writing, the latest version is specified in > [RFC5246]). It MAY support additional transport-layer mechanisms > meeting its security requirements. > > On 8/16/11 1:55 PM, Eran Hammer-Lahav wrote: >> We should relax it. Just need someone to propose new language. >> >> EHL >> >>> -----Original Message----- >>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf >>> Of Justin Richer >>> Sent: Tuesday, August 16, 2011 12:49 PM >>> To: Rob Richards >>> Cc: oauth@ietf.org >>> Subject: Re: [OAUTH-WG] TLS 1.2 >>> >>> As I recall, the logic of the group here was something like: >>> >>> "We want transport-layer encryption, so let's grab the latest version of that >>> around, which looks to be TLS 1.2" >>> >>> With that logic in mind, this relaxation makes sense to me. Does anyone >>> remember this requirement differently? >>> >>> -- Justin >>> (who admittedly couldn't tell the difference between SSL and TLS) >>> >>> On Tue, 2011-08-16 at 15:36 -0400, Rob Richards wrote: >>>> I wanted to follow up on this and see if there was any consideration >>>> to relaxing this requirement. Can someone actually point me to a >>>> compliant implementation using TLS 1.2 because after looking at a >>>> number of them, I have yet to find one that does. >>>> >>>> Rob >>>> >>>> On 8/12/11 3:56 PM, Rob Richards wrote: >>>>> The latest draft shows TLS 1.2 as a MUST (sections 3.1 and 3.2). >>>>> Based on a thread about this from last year I was under the >>>>> impression that it was going to be relaxed to a SHOULD with most >>>>> likely TLS 1.0 (or posssibly SSLv3) as a MUST. I think it's a bit >>>>> unrealistic to require >>>>> 1.2 when many systems out there can't support it. IMO this is going >>>>> to be a big stumbling block for people to implement a compliant >>>>> OAuth system. Even PCI doesn't require 1.2. >>>>> >>>>> Rob >>>>> _______________________________________________ >>>>> OAuth mailing list >>>>> OAuth@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/oauth >>>>> >>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > > > -- > Peter Saint-Andre > https://stpeter.im/ > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] TLS 1.2 Rob Richards
- Re: [OAUTH-WG] TLS 1.2 Rob Richards
- Re: [OAUTH-WG] TLS 1.2 Justin Richer
- Re: [OAUTH-WG] TLS 1.2 Eran Hammer-Lahav
- Re: [OAUTH-WG] TLS 1.2 Peter Saint-Andre
- Re: [OAUTH-WG] TLS 1.2 Phillip Hunt
- Re: [OAUTH-WG] TLS 1.2 Rob Richards
- Re: [OAUTH-WG] TLS 1.2 Eran Hammer-Lahav
- Re: [OAUTH-WG] TLS 1.2 Rob Richards
- Re: [OAUTH-WG] TLS 1.2 Lu, Hui-Lan (Huilan)