Re: [OAUTH-WG] TLS version requirements in OAuth 2.0 base
Barry Leiba <barryleiba@computer.org> Thu, 17 November 2011 11:34 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D32211E80BB for <oauth@ietfa.amsl.com>; Thu, 17 Nov 2011 03:34:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.846
X-Spam-Level:
X-Spam-Status: No, score=-102.846 tagged_above=-999 required=5 tests=[AWL=0.131, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UM9t3o91xCsU for <oauth@ietfa.amsl.com>; Thu, 17 Nov 2011 03:34:53 -0800 (PST)
Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 046A311E8089 for <oauth@ietf.org>; Thu, 17 Nov 2011 03:34:52 -0800 (PST)
Received: by ggnr5 with SMTP id r5so1066307ggn.31 for <oauth@ietf.org>; Thu, 17 Nov 2011 03:34:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=weia8YG76UATr6zWg7mBRQRFQ6uFeyVunMIemvcomic=; b=a23/7joZdh1uzx3T7l6MREu3NH4AcDO1arzReHwix6H7RfkJ6fOmwRe0ZjajNGVd6z aXAj8U4X8XL8rEHRkYfW5JvSkTjRD+Ps+nHWway9ADVD0g9Aqv5IkP0kImpkwyz+IqBV Ag9HX4DaYP+6JqLGfGvXy/3BK2tvM84R0/Gmk=
MIME-Version: 1.0
Received: by 10.236.72.167 with SMTP id t27mr8200878yhd.127.1321529692683; Thu, 17 Nov 2011 03:34:52 -0800 (PST)
Sender: barryleiba@gmail.com
Received: by 10.236.95.37 with HTTP; Thu, 17 Nov 2011 03:34:52 -0800 (PST)
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E73A8BFCBC@SN2PRD0304MB235.namprd03.prod.outlook.com>
References: <CALaySJJcPPSU5PAtk9GNL9iFBXj1HfWjkN32GeHsV_Ry2t+o=A@mail.gmail.com> <4EC4EAE6.1020106@cdatazone.org> <CALaySJKTS6D=+JL55QX2aHdUoamgruT0EM0MezVTdVvQQemruw@mail.gmail.com> <B26C1EF377CB694EAB6BDDC8E624B6E73A8BFCBC@SN2PRD0304MB235.namprd03.prod.outlook.com>
Date: Thu, 17 Nov 2011 19:34:52 +0800
X-Google-Sender-Auth: kbOJfCdnHvLqGiQ6ZeSPO9EDyuY
Message-ID: <CALaySJL2Ortf+OM+_0PMb9db1bGN6EDCvSUTJTi0jZ+y283rfw@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Anthony Nadalin <tonynad@microsoft.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] TLS version requirements in OAuth 2.0 base
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2011 11:34:53 -0000
> And if the servers don't implement the "should" on 1.0 how do we get > deployments for the other actors that can't talk to 1.2 1. Do you think we'll really see implementations that don't work with what's out there? 2. SHOULD doesn't mean MAY. SHOULD means "MUST, unless you have a really good reason to do otherwise, and understand the implications." Barry
- [OAUTH-WG] TLS version requirements in OAuth 2.0 … Barry Leiba
- Re: [OAUTH-WG] TLS version requirements in OAuth … Rob Richards
- Re: [OAUTH-WG] TLS version requirements in OAuth … Anthony Nadalin
- Re: [OAUTH-WG] TLS version requirements in OAuth … Barry Leiba
- Re: [OAUTH-WG] TLS version requirements in OAuth … Anthony Nadalin
- Re: [OAUTH-WG] TLS version requirements in OAuth … Barry Leiba
- Re: [OAUTH-WG] TLS version requirements in OAuth … Rob Richards
- Re: [OAUTH-WG] TLS version requirements in OAuth … Justin Richer
- Re: [OAUTH-WG] TLS version requirements in OAuth … Phil Hunt
- Re: [OAUTH-WG] TLS version requirements in OAuth … Barry Leiba
- Re: [OAUTH-WG] TLS version requirements in OAuth … Rob Richards
- Re: [OAUTH-WG] TLS version requirements in OAuth … Peter Saint-Andre
- Re: [OAUTH-WG] TLS version requirements in OAuth … Stephen Farrell
- Re: [OAUTH-WG] TLS version requirements in OAuth … Peter Saint-Andre
- Re: [OAUTH-WG] TLS version requirements in OAuth … Zeltsan, Zachary (Zachary)
- Re: [OAUTH-WG] TLS version requirements in OAuth … Mike Jones
- Re: [OAUTH-WG] TLS version requirements in OAuth … Stephen Farrell
- Re: [OAUTH-WG] TLS version requirements in OAuth … Rob Richards
- Re: [OAUTH-WG] TLS version requirements in OAuth … William Mills
- Re: [OAUTH-WG] TLS version requirements in OAuth … Justin Richer
- Re: [OAUTH-WG] TLS version requirements in OAuth … Barry Leiba
- Re: [OAUTH-WG] TLS version requirements in OAuth … Eran Hammer
- Re: [OAUTH-WG] TLS version requirements in OAuth … Barry Leiba
- Re: [OAUTH-WG] TLS version requirements in OAuth … Igor Faynberg