[OAUTH-WG] SPOP - code verifier requirements

Nat Sakimura <n-sakimura@nri.co.jp> Tue, 14 October 2014 09:26 UTC

In his mail, Mike asked whether the code verifier is 
a value that is sendable without transformation 
as an HTTP parameter value, or if it needs to be 
% encoded when it is being sent. 

We have several options here: 

1) Require the code verifier to be a base64url encoded string of a binary random value.

2) Let the code verifier be a binary string and require it to be 
either % encoded or base64url encoded when it is sent.
In this case, which encoding should we use?  

3) Require the code verifier to conform to the following ABNF:
code_verifier = 16*128unreserved
unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~" 

Which one do you guys prefer? 

Nat

-- 
Nat Sakimura (n-sakimura@nri.co.jp)
Nomura Research Institute, Ltd. 

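The three options in the message above, compared in an added example that is not part of the original mail or of any draft text. The function names are hypothetical, and stripping the base64url "=" padding in option 1 is an assumption the message does not state.

```python
import base64
import re
import secrets
from urllib.parse import quote

# Option 3's ABNF from the message: code_verifier = 16*128unreserved
# unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
UNRESERVED_16_128 = re.compile(r"[A-Za-z0-9\-._~]{16,128}")


def conforms_to_option3(verifier: str) -> bool:
    """True if the whole string matches 16*128unreserved."""
    return UNRESERVED_16_128.fullmatch(verifier) is not None


def option1_verifier(random_bytes: bytes, keep_padding: bool = False) -> str:
    """Option 1: base64url encoding of a binary random value.

    Padding is stripped by default (assumption): "=" is not an
    unreserved character, so a padded value no longer fits option 3.
    """
    encoded = base64.urlsafe_b64encode(random_bytes).decode("ascii")
    return encoded if keep_padding else encoded.rstrip("=")


def option2_percent_encoded(random_bytes: bytes) -> str:
    """Option 2: raw binary verifier, percent-encoded for transport."""
    return quote(random_bytes, safe="")


def needs_transformation(value: str) -> bool:
    """True if percent-encoding would alter the value on the wire."""
    return quote(value, safe="") != value


if __name__ == "__main__":
    raw = secrets.token_bytes(32)  # constructed sample input
    for label, value in [
        ("option 1, unpadded", option1_verifier(raw)),
        ("option 1, padded", option1_verifier(raw, keep_padding=True)),
        ("option 2, % encoded", option2_percent_encoded(raw)),
    ]:
        print(f"{label:20} len={len(value):3} "
              f"fits_option3={conforms_to_option3(value)} "
              f"needs_transformation={needs_transformation(value)}")
```

An unpadded base64url string already satisfies the option 3 grammar and travels unchanged as a parameter value; the padded form and the percent-encoded binary form do not.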