IETF Logo Mail Archive

Re: [OAUTH-WG] TLS 1.2

Phillip Hunt <phil.hunt@oracle.com> Tue, 16 August 2011 20:29 UTC

Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10BBB21F85B8 for <oauth@ietfa.amsl.com>; Tue, 16 Aug 2011 13:29:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.514
X-Spam-Level:
X-Spam-Status: No, score=-2.514 tagged_above=-999 required=5 tests=[AWL=-1.311, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6K82tI1OGSoV for <oauth@ietfa.amsl.com>; Tue, 16 Aug 2011 13:29:50 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id 3E8EB21F85B1 for <oauth@ietf.org>; Tue, 16 Aug 2011 13:29:50 -0700 (PDT)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by rcsinet15.oracle.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id p7GKUXGH003007 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 16 Aug 2011 20:30:35 GMT
Received: from acsmt357.oracle.com (acsmt357.oracle.com [141.146.40.157]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id p7GKUXlX015603 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 16 Aug 2011 20:30:33 GMT
Received: from abhmt118.oracle.com (abhmt118.oracle.com [141.146.116.70]) by acsmt357.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id p7GKUREi009953; Tue, 16 Aug 2011 15:30:27 -0500
Received: from [192.168.1.67] (/24.87.204.3) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 16 Aug 2011 13:30:27 -0700
References: <4E458571.1070500@cdatazone.org> <4E4AC6BA.2090007@cdatazone.org> <1313524116.13419.81.camel@ground> <90C41DD21FB7C64BB94121FBBC2E7234502498D1B0@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4E4ACD53.2010404@stpeter.im>
In-Reply-To: <4E4ACD53.2010404@stpeter.im>
Mime-Version: 1.0 (iPhone Mail 8L1)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"
Message-Id: <A7E2D4CF-0816-4A12-8029-36EB00D0F400@oracle.com>
X-Mailer: iPhone Mail (8L1)
From: Phillip Hunt <phil.hunt@oracle.com>
Date: Tue, 16 Aug 2011 13:30:24 -0700
To: Peter Saint-Andre <stpeter@stpeter.im>
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090201.4E4AD36B.00D3:SCFMA922111,ss=1,re=-4.000,fgs=0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] TLS 1.2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2011 20:29:51 -0000

+1

Phil

On 2011-08-16, at 13:04, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> How's this?
> 
>   The authorization server MUST support Transport Layer Security
>   (at the time of this writing, the latest version is specified in
>   [RFC5246]). It MAY support additional transport-layer mechanisms
>   meeting its security requirements.
> 
> On 8/16/11 1:55 PM, Eran Hammer-Lahav wrote:
>> We should relax it. Just need someone to propose new language.
>> 
>> EHL
>> 
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
>>> Of Justin Richer
>>> Sent: Tuesday, August 16, 2011 12:49 PM
>>> To: Rob Richards
>>> Cc: oauth@ietf.org
>>> Subject: Re: [OAUTH-WG] TLS 1.2
>>> 
>>> As I recall, the logic of the group here was something like:
>>> 
>>> "We want transport-layer encryption, so let's grab the latest version of that
>>> around, which looks to be TLS 1.2"
>>> 
>>> With that logic in mind, this relaxation makes sense to me. Does anyone
>>> remember this requirement differently?
>>> 
>>> -- Justin
>>>    (who admittedly couldn't tell the difference between SSL and TLS)
>>> 
>>> On Tue, 2011-08-16 at 15:36 -0400, Rob Richards wrote:
>>>> I wanted to follow up on this and see if there was any consideration
>>>> to relaxing this requirement. Can someone actually point me to a
>>>> compliant implementation using TLS 1.2 because after looking at a
>>>> number of them, I have yet to find one that does.
>>>> 
>>>> Rob
>>>> 
>>>> On 8/12/11 3:56 PM, Rob Richards wrote:
>>>>> The latest draft shows TLS 1.2 as a MUST (sections 3.1 and 3.2).
>>>>> Based on a thread about this from last year I was under the
>>>>> impression that it was going to be relaxed to a SHOULD with most
>>>>> likely TLS 1.0 (or posssibly SSLv3) as a MUST. I think it's a bit
>>>>> unrealistic to require
>>>>> 1.2 when many systems out there can't support it. IMO this is going
>>>>> to be a big stumbling block for people to implement a compliant
>>>>> OAuth system. Even PCI doesn't require 1.2.
>>>>> 
>>>>> Rob
>>>>> _______________________________________________
>>>>> OAuth mailing list
>>>>> OAuth@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>> 
>>>> 
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>>> 
>>> 
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> 
> 
> -- 
> Peter Saint-Andre
> https://stpeter.im/
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email