IETF Logo Mail Archive

Re: [OAUTH-WG] TLS version requirements in OAuth 2.0 base

Barry Leiba <barryleiba@computer.org> Thu, 17 November 2011 11:34 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D32211E80BB for <oauth@ietfa.amsl.com>; Thu, 17 Nov 2011 03:34:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.846
X-Spam-Level:
X-Spam-Status: No, score=-102.846 tagged_above=-999 required=5 tests=[AWL=0.131, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UM9t3o91xCsU for <oauth@ietfa.amsl.com>; Thu, 17 Nov 2011 03:34:53 -0800 (PST)
Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 046A311E8089 for <oauth@ietf.org>; Thu, 17 Nov 2011 03:34:52 -0800 (PST)
Received: by ggnr5 with SMTP id r5so1066307ggn.31 for <oauth@ietf.org>; Thu, 17 Nov 2011 03:34:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=weia8YG76UATr6zWg7mBRQRFQ6uFeyVunMIemvcomic=; b=a23/7joZdh1uzx3T7l6MREu3NH4AcDO1arzReHwix6H7RfkJ6fOmwRe0ZjajNGVd6z aXAj8U4X8XL8rEHRkYfW5JvSkTjRD+Ps+nHWway9ADVD0g9Aqv5IkP0kImpkwyz+IqBV Ag9HX4DaYP+6JqLGfGvXy/3BK2tvM84R0/Gmk=
MIME-Version: 1.0
Received: by 10.236.72.167 with SMTP id t27mr8200878yhd.127.1321529692683; Thu, 17 Nov 2011 03:34:52 -0800 (PST)
Sender: barryleiba@gmail.com
Received: by 10.236.95.37 with HTTP; Thu, 17 Nov 2011 03:34:52 -0800 (PST)
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E73A8BFCBC@SN2PRD0304MB235.namprd03.prod.outlook.com>
References: <CALaySJJcPPSU5PAtk9GNL9iFBXj1HfWjkN32GeHsV_Ry2t+o=A@mail.gmail.com> <4EC4EAE6.1020106@cdatazone.org> <CALaySJKTS6D=+JL55QX2aHdUoamgruT0EM0MezVTdVvQQemruw@mail.gmail.com> <B26C1EF377CB694EAB6BDDC8E624B6E73A8BFCBC@SN2PRD0304MB235.namprd03.prod.outlook.com>
Date: Thu, 17 Nov 2011 19:34:52 +0800
X-Google-Sender-Auth: kbOJfCdnHvLqGiQ6ZeSPO9EDyuY
Message-ID: <CALaySJL2Ortf+OM+_0PMb9db1bGN6EDCvSUTJTi0jZ+y283rfw@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Anthony Nadalin <tonynad@microsoft.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] TLS version requirements in OAuth 2.0 base
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2011 11:34:53 -0000

> And if the servers don't implement the "should" on 1.0 how do we get
> deployments for the other actors that can't talk to 1.2

1. Do you think we'll really see implementations that don't work with
what's out there?

2. SHOULD doesn't mean MAY.  SHOULD means "MUST, unless you have a
really good reason to do otherwise, and understand the implications."

Barry

v2.23.0 | Report a Bug | By Email