Re: [OAUTH-WG] Call for Adoption - OAuth Proof of Possession Tokens with HTTP Message Signature
Dick Hardt <dick.hardt@gmail.com> Fri, 08 October 2021 20:33 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C73A3A084B for <oauth@ietfa.amsl.com>; Fri, 8 Oct 2021 13:33:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.54
X-Spam-Level:
X-Spam-Status: No, score=-0.54 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y2UBsdrzSEKh for <oauth@ietfa.amsl.com>; Fri, 8 Oct 2021 13:33:54 -0700 (PDT)
Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 374BA3A0840 for <oauth@ietf.org>; Fri, 8 Oct 2021 13:33:54 -0700 (PDT)
Received: by mail-lf1-x12d.google.com with SMTP id t9so42758376lfd.1 for <oauth@ietf.org>; Fri, 08 Oct 2021 13:33:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4lXZ27PiyP42eRSbU9khdwOng8IZXuHOReFvFKijLKE=; b=CdHVsAO2LwujRl0b369PfxZhA38PFSJ1x5yoYHbYtijndWQfK1k0NsQeS92tD6yGOs EWUYjP5JMnz8PwXw/C42seGfDzgbF3yjvDB7d6iw0BYfcSPj9quKwfnb7+oCnj/vdZd6 2PbBOI+sDbWN+7f+jSh6QYEk3mmVhf7f0uBl1RK2nwB+fapJp1zvPLy9dUzNRN9JeTFq dNeywMqH5kyU7PyKl4iSPQnAnmgJUw4W4+wTK14r9EG4834dCOh3CnmhZAB2hCG7Fv7n fLmGH9konfyNxenZLR/5ykd8f85h5GuwDDZmk7SBGUEImE0+Qvq/pvIDh1d3G9gWpEdb 2SBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4lXZ27PiyP42eRSbU9khdwOng8IZXuHOReFvFKijLKE=; b=NG6xUMSiNh0HkrhTarc2bFZANsQ5oQWmTRRs9H4EYwNtImquWe4iV6AtSwd0c6jcQ1 Xr5HAP1NKqZ7GMvWoH8H7jhdp0CO3fz8+jOfzCpX+brJqUT0VdWByXG0d54YqZKeDcJc +s/tzgSHqCLoU+hlasW8lq2UNimMFOcOn4EyEXUKQtZEAOXCwkke5nTh0DuJ9Okoe6S+ UPuJiI1Xc3D0VRVSIk/R4H8Av1RnIwbB/K+zS6J8nlPPOCtRbA3DneeLfYDPOzhWamn3 7OeoAHrGB1ruQqJQ6o1s0Lb+1JWoS39S8TU8n1D6f5fxObdusEA99S818mr8lR8Xa2/v V4Yw==
X-Gm-Message-State: AOAM533EOGMyFm4K7bnc0QIf+rFMNHqcHV0vNG88GV28QAgSzKDmdrMo m6b2XvxcuBT6E89BKptytMcGHYO6zLS5IdTs6ss=
X-Google-Smtp-Source: ABdhPJxU9NTW5UO3WBGNKlPIc0UjN0RZbaG3V9cJANvWFGflqXY1VnxSntPKQRN8giOvtOutplLpouHyljJ1CksZXrQ=
X-Received: by 2002:a2e:984d:: with SMTP id e13mr5986483ljj.392.1633725232100; Fri, 08 Oct 2021 13:33:52 -0700 (PDT)
MIME-Version: 1.0
References: <CADNypP9QXCEjJmkhBvTHn68kDcJ2Mfg-tSQx1-hvfPoOTXCKzA@mail.gmail.com> <CAGBSGjqasD=eYnsMm7gZB2g+=C4abZoVi7FH4e7EFfgwKdjS8w@mail.gmail.com> <CAD9ie-uH9xGL9orTFxEd=tfhO6Q-S3sDHrQDtU7h0_dr6YeLOg@mail.gmail.com> <EE56CE99-5592-40AF-9BA5-7F3886ED315A@mit.edu> <CAD9ie-t9i1sVLhVhJp-mWSchV_x0b3no7i4qNXvcaQS+8OqCVA@mail.gmail.com> <CAGBSGjrgVbGWwFq6LDX_2Vhv7yQkwtEEjy36GpLj-bN+MtcX-w@mail.gmail.com> <CAD9ie-vJiwBSV71z4_2TJJO7A52mV763XvXmEPsEFgOMFVOwyQ@mail.gmail.com> <D445073E-D495-4250-9773-9AEEB09C01E0@amazon.com>
In-Reply-To: <D445073E-D495-4250-9773-9AEEB09C01E0@amazon.com>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Fri, 08 Oct 2021 13:33:16 -0700
Message-ID: <CAD9ie-t5EBZLtHmmbDQu9iq-d87gf07X5Fes_ZqFts5hDCOOuw@mail.gmail.com>
To: "Richard Backman, Annabelle" <richanna@amazon.com>
Cc: Aaron Parecki <aaron@parecki.com>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001eba5005cddd4ca6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/mMoz45J2wYhFKEwQqU6tn6liqOU>
Subject: Re: [OAUTH-WG] Call for Adoption - OAuth Proof of Possession Tokens with HTTP Message Signature
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Oct 2021 20:33:59 -0000
On Fri, Oct 8, 2021 at 12:39 PM Richard Backman, Annabelle < richanna@amazon.com> wrote: > > Blocking WG development of an OAuth 2.0 profile of Message Signatures > behind widespread deployment of Message Signatures risks creating a > deadlock where the WG is waiting for implementations from would-be > implementers who are waiting for guidance from the WG. Worse, rejecting the > draft is likely to further discourage these parties from implementing > Message Signatures, as it suggests the WG is not interested in > standardizing its usage with OAuth 2.0. If the main use case for HTTP Signing is the OAuth WG, then effectively the OAuth WG is developing HTTP Signing and it is not really a general purpose standard. IE, if the success of HTTP Signing is tied to the OAuth WG adopting the draft, then Mike's arguments about the WG already doing this work is valid. ᐧ
- [OAUTH-WG] Call for Adoption - OAuth Proof of Pos… Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Aaron Parecki
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Dick Hardt
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Justin Richer
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Justin Richer
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Dick Hardt
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Justin Richer
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Aaron Parecki
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Dick Hardt
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Denis
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Warren Parad
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Neil Madden
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Ash Narayanan
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Aaron Parecki
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Richard Backman, Annabelle
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Mike Jones
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Richard Backman, Annabelle
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Justin Richer
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Richard Backman, Annabelle
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Domingos Creado
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Dick Hardt
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Dick Hardt
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Mike Jones
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Richard Backman, Annabelle
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Warren Parad
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Richard Backman, Annabelle
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Richard Backman, Annabelle
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Dick Hardt
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Warren Parad
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… David Waite
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Richard Backman, Annabelle
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Warren Parad
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Re: Call for A… Richard Backman, Annabelle
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Call for Adopt… David Waite
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Call for Adopt… Warren Parad
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… David Waite
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Warren Parad
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Re: Call for A… Richard Backman, Annabelle
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Call for Adopt… Richard Backman, Annabelle
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Call for Adopt… Richard Backman, Annabelle
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Call for Adopt… Warren Parad
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Call for Adopt… Justin Richer
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Justin Richer
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Warren Parad
- Re: [OAUTH-WG] Call for Adoption - OAuth Proof of… Rifaat Shekh-Yusef
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Call for Adopt… Dick Hardt
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Call for Adopt… Justin Richer
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Call for Adopt… Dick Hardt