IETF Logo Mail Archive

Re: [OAUTH-WG] AD review of -22

John Bradley <ve7jtb@ve7jtb.com> Wed, 02 November 2011 20:06 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6F451F0CBC for <oauth@ietfa.amsl.com>; Wed, 2 Nov 2011 13:06:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.526
X-Spam-Level:
X-Spam-Status: No, score=-3.526 tagged_above=-999 required=5 tests=[AWL=0.073, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fJ4NATzmy7fx for <oauth@ietfa.amsl.com>; Wed, 2 Nov 2011 13:06:56 -0700 (PDT)
Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id C1E0B1F0CA9 for <oauth@ietf.org>; Wed, 2 Nov 2011 13:06:55 -0700 (PDT)
Received: by ggnv1 with SMTP id v1so566362ggn.31 for <oauth@ietf.org>; Wed, 02 Nov 2011 13:06:55 -0700 (PDT)
Received: by 10.146.159.14 with SMTP id h14mr1512970yae.4.1320264415155; Wed, 02 Nov 2011 13:06:55 -0700 (PDT)
Received: from [192.168.1.213] ([190.22.4.104]) by mx.google.com with ESMTPS id l27sm10118574ani.21.2011.11.02.13.06.53 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 02 Nov 2011 13:06:54 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: multipart/signed; boundary="Apple-Mail=_547BD3C2-7528-47CD-B61F-5B5C875F3598"; protocol="application/pkcs7-signature"; micalg="sha1"
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <4EB19DD1.6050904@lodderstedt.net>
Date: Wed, 02 Nov 2011 17:06:48 -0300
Message-Id: <5E3E5DFE-C122-4D89-9578-61A6C16EBD76@ve7jtb.com>
References: <4E971C36.7050000@cs.tcd.ie> <4EB19DD1.6050904@lodderstedt.net>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
X-Mailer: Apple Mail (2.1251.1)
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] AD review of -22
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2011 20:06:56 -0000

+1
On 2011-11-02, at 4:45 PM, Torsten Lodderstedt wrote:

> Hi Stephen,
> 
> I'm concerned about your proposal (7) to make support for MAC a MUST for clients and BEARER a MAY only. In my opinion, this does not reflect the group's consensus. Beside this, the security threat analysis justifies usage of BEARER for nearly all use cases as long as HTTPS (incl. server authentication) can be utilized.
> regards,
> Torsten.
> 
> Am 13.10.2011 19:13, schrieb Stephen Farrell:
>> 
>> 
>> Hi all, 
>> 
>> Sorry for having been quite slow with this, but I had a bunch 
>> of travel recently. 
>> 
>> Anyway, my AD comments on -22 are attached. I think that the 
>> first list has the ones that need some change before we push 
>> this out for IETF LC, there might or might not be something 
>> to change as a result of the 2nd list of questions and the 
>> rest are really nits can be handled either now or later. 
>> 
>> Thanks for all your work on this so far - its nearly there 
>> IMO and we should be able to get the IETF LC started once 
>> these few things are dealt with. 
>> 
>> Cheers, 
>> S. 
>> 
>> 
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email