Re: [OAUTH-WG] Call for Adoption - OAuth Proof of Possession Tokens with HTTP Message Signature

Dick Hardt <dick.hardt@gmail.com> Fri, 08 October 2021 20:33 UTC

From: Dick Hardt <dick.hardt@gmail.com>
Date: Fri, 08 Oct 2021 13:33:16 -0700
To: "Richard Backman, Annabelle" <richanna@amazon.com>
Cc: Aaron Parecki <aaron@parecki.com>, oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/mMoz45J2wYhFKEwQqU6tn6liqOU>

On Fri, Oct 8, 2021 at 12:39 PM Richard Backman, Annabelle <
richanna@amazon.com> wrote:

>
> Blocking WG development of an OAuth 2.0 profile of Message Signatures
> behind widespread deployment of Message Signatures risks creating a
> deadlock where the WG is waiting for implementations from would-be
> implementers who are waiting for guidance from the WG. Worse, rejecting the
> draft is likely to further discourage these parties from implementing
> Message Signatures, as it suggests the WG is not interested in
> standardizing its usage with OAuth 2.0.


If the main use case for HTTP Signing is the OAuth WG, then effectively the
OAuth WG is developing HTTP Signing and it is not really a general purpose
standard.

I.e., if the success of HTTP Signing is tied to the OAuth WG adopting the
draft, then Mike's arguments about the WG already doing this work are valid.


