Re: [OAUTH-WG] proposal for signatures

"William Mills" <wmills@yahoo-inc.com> Fri, 25 June 2010 18:37 UTC

From: William Mills <wmills@yahoo-inc.com>
To: Breno <breno.demedeiros@gmail.com>, Luke Shepard <lshepard@facebook.com>
Cc: Hannes.Tschofenig@gmx.net, OAuth WG <oauth@ietf.org>

+1 for optional 

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Breno
> Sent: Friday, June 25, 2010 11:02 AM
> To: Luke Shepard
> Cc: Hannes.Tschofenig@gmx.net; OAuth WG
> Subject: Re: [OAUTH-WG] proposal for signatures
> 
> On Fri, Jun 25, 2010 at 10:51 AM, Luke Shepard <lshepard@facebook.com> wrote:
> >> What's the purpose of leaving out the key ID?
> > It's one more field that developers have to learn and configure and type in.
> > We should keep the simple case simple, while allowing for more complex
> > cases. I think the fact that many providers now offer only a single,
> > shared secret is an indication that the key ID is not required.
> 
> Are you arguing here that the key_id should be an optional field, or
> that it should not be part of the specification at all?
> 
> > On Jun 25, 2010, at 7:40 AM, Breno wrote:
> >
> > Key ids are an optimization in the case of rotating public keys, but
> > pretty much an operational requirement if you wish to support
> > automatic rotation of shared keys.
> >
> > On Jun 23, 2010 2:56 AM, "Ben Laurie" <benl@google.com> wrote:
> >
> > On 22 June 2010 21:45, David Recordon <recordond@gmail.com> wrote:
> >> Hey Dick, in answering my quest...
> >
> > I don't understand why they are unnecessary no matter how keys are
> > managed: if there's ever a possibility that you might have more than
> > one key for someone, then key IDs are a useful optimisation.
> >
> > Put it another way: what's the purpose of leaving out the key ID?
> >
> >> And yes, Applied Cryptography is worth reading. :)
> >>
> >> --David
> >>
> >>
> >> On Tue, Jun 22, 2010 at 12:5...
> >
> 
> 
> 
> --
> Breno de Medeiros
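
The trade-off discussed in this thread, as an added example that is not part of any message or of the OAuth drafts: a verifier that treats `key_id` as optional while two shared secrets are valid during a rotation window. The use of HMAC-SHA256, the key identifiers, the secrets and the payload are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample keys: two shared secrets are valid during a rotation window.
ACTIVE_KEYS = {
    "2010-05": b"old-shared-secret-constructed",
    "2010-06": b"new-shared-secret-constructed",
}


def sign(payload: bytes, secret: bytes) -> str:
    """HMAC-SHA256 over the payload, hex encoded (algorithm is an assumption)."""
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def verify(payload: bytes, signature: str, key_id=None, keys=ACTIVE_KEYS):
    """Return (matched_key_id, hmac_computations); matched_key_id is None on failure."""
    if key_id is not None:
        # The sender named a key: use exactly that one. An unknown or wrong
        # key_id is rejected rather than falling back to the other keys.
        secret = keys.get(key_id)
        if secret is None:
            return None, 0
        ok = hmac.compare_digest(sign(payload, secret), signature)
        return (key_id if ok else None), 1
    # No key_id: the verifier has to try every key it currently accepts.
    tried = 0
    for kid, secret in keys.items():
        tried += 1
        if hmac.compare_digest(sign(payload, secret), signature):
            return kid, tried
    return None, tried


if __name__ == "__main__":
    payload = b"GET&https://api.example.com/resource&ts=1277490000"  # constructed
    sig = sign(payload, ACTIVE_KEYS["2010-06"])
    print("with key_id:   ", verify(payload, sig, key_id="2010-06"))
    print("without key_id:", verify(payload, sig))
    # After rotation completes, the old secret is dropped and old signatures fail.
    old_sig = sign(payload, ACTIVE_KEYS["2010-05"])
    remaining = {"2010-06": ACTIVE_KEYS["2010-06"]}
    print("old key retired:", verify(payload, old_sig, keys=remaining))
```

With a single shared secret the no-`key_id` path costs one computation, which is the simple case the thread wants to keep simple; the extra work appears only once more than one key is accepted.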