Re: [OAUTH-WG] Future of PoP Work
Mike Jones <Michael.Jones@microsoft.com> Wed, 19 October 2016 19:05 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F26C4126CD8 for <oauth@ietfa.amsl.com>; Wed, 19 Oct 2016 12:05:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.022
X-Spam-Level:
X-Spam-Status: No, score=-2.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRuT6x6znScG for <oauth@ietfa.amsl.com>; Wed, 19 Oct 2016 12:04:58 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0135.outbound.protection.outlook.com [104.47.42.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6A4E1293E3 for <oauth@ietf.org>; Wed, 19 Oct 2016 12:04:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=/ufYfC8dyz6KqckKooRnjLlg0sxxPE/Cpa137jGYPgg=; b=hEHjEgIIiQrl9tilSaUNHNC6gvm845wWcfm+F4BNUnE37OuGbkD40UG+btWR/bSwNfbl6T0KVDRaKbk2+KK8C62AfMScwZTjR5Ci/4JBRM5iXV65OasybVTER65QedNQCh0OdGeUQSu9AyIGToD5Rj/Ds/ar3NLXW2u1wDQn31Q=
Received: from CO2PR03MB2358.namprd03.prod.outlook.com (10.166.93.18) by CO2PR03MB2360.namprd03.prod.outlook.com (10.166.93.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.659.11; Wed, 19 Oct 2016 19:04:57 +0000
Received: from CO2PR03MB2358.namprd03.prod.outlook.com ([10.166.93.18]) by CO2PR03MB2358.namprd03.prod.outlook.com ([10.166.93.18]) with mapi id 15.01.0659.025; Wed, 19 Oct 2016 19:04:57 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Future of PoP Work
Thread-Index: AQHSKjj2nonhFQqofk+TyYPiiGORW6CwIWYw
Date: Wed, 19 Oct 2016 19:04:57 +0000
Message-ID: <CO2PR03MB23588AC1D7A56A3A525FF1FDF5D20@CO2PR03MB2358.namprd03.prod.outlook.com>
References: <ef15c42a-e233-e148-4f38-ef7f75333c76@gmx.net>
In-Reply-To: <ef15c42a-e233-e148-4f38-ef7f75333c76@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [23.25.204.37]
x-ms-office365-filtering-correlation-id: 560017e5-304d-4c45-6ade-08d3f852d158
x-microsoft-exchange-diagnostics: 1; CO2PR03MB2360; 7:83SESKHyRI/fsh36i4b3MiEs0P2ZB8Zs5tvQCA9cVuvP5R70gmWTaOslFC4aTjKZbFF48VxjU7oMEz20YATpxLT3Jho1qc7fUE6+JgSMsxNL2zII4B4ElJ3PvG1QrUoEbKoQL6hGaV1naxaspkphtEr+ZtQp3Vrmh9E6TLAavdzo/4F+kUZXjt1F6o8JjRR3WJTeIWLosEm5ArHqFxWaUB2SQ8lt21KVSqDs6V17h/wTwXlzFkc+E8wcyzxz0oKDpX1eXs3QWYHA+JdEbDL5mOehxhMgLKZXp3bd6ZsxQqomFa16uPX/wYSfB2n0uw6WIg0IkT4ISlaqwETWvl8D/6PdG+Hb9xoBcJ1dOlfb4yDNv6HD00EP+OYBeBDeOql2
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CO2PR03MB2360;
x-microsoft-antispam-prvs: <CO2PR03MB23600B1D24B4321B5EF340E7F5D20@CO2PR03MB2360.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040176)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(61426038)(61427038); SRVR:CO2PR03MB2360; BCL:0; PCL:0; RULEID:; SRVR:CO2PR03MB2360;
x-forefront-prvs: 0100732B76
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(7916002)(199003)(377454003)(53754006)(13464003)(189002)(2950100002)(3280700002)(105586002)(66066001)(81166006)(8936002)(2906002)(92566002)(97736004)(99286002)(2501003)(5001770100001)(5002640100001)(8990500004)(106356001)(81156014)(305945005)(87936001)(11100500001)(106116001)(10290500002)(122556002)(10400500002)(7736002)(5005710100001)(7846002)(77096005)(76576001)(6116002)(102836003)(86362001)(19580395003)(10090500001)(33656002)(3846002)(9686002)(5660300001)(2900100001)(15975445007)(86612001)(19580405001)(74316002)(8676002)(54356999)(50986999)(3660700001)(189998001)(7696004)(76176999)(68736007)(586003)(101416001)(107886002); DIR:OUT; SFP:1102; SCL:1; SRVR:CO2PR03MB2360; H:CO2PR03MB2358.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Oct 2016 19:04:57.0459 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO2PR03MB2360
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/vowzR28thXYwsFZbYyXk94sfvho>
Subject: Re: [OAUTH-WG] Future of PoP Work
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2016 19:05:01 -0000
1. We should continue the PoP work in the OAuth working group and not move it to ACE. (This was also discussed in the minutes at https://www.ietf.org/proceedings/96/minutes/minutes-96-oauth.) 2. We should abandon the HTTP signing work. It is both overly complicated *and* incomplete - not a good combination. This same combination is what let people to abandon OAuth 1.0 in favor of WRAP and later OAuth 2.0. We should learn from our own mistakes. ;-) -- Mike -----Original Message----- From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig Sent: Wednesday, October 19, 2016 2:45 PM To: oauth@ietf.org Subject: [OAUTH-WG] Future of PoP Work Hi all, two questions surfaced at the last IETF meeting, namely 1) Do we want to proceed with the symmetric implementation of PoP or, alternatively, do we want to move it over to the ACE working group? 2) Do we want to continue the work on HTTP signing? We would appreciate your input on these two questions. Ciao Hannes & Derek
- [OAUTH-WG] Future of PoP Work Hannes Tschofenig
- Re: [OAUTH-WG] Future of PoP Work Mike Jones
- Re: [OAUTH-WG] Future of PoP Work Phil Hunt (IDM)
- Re: [OAUTH-WG] Future of PoP Work Brian Campbell
- Re: [OAUTH-WG] Future of PoP Work Anthony Nadalin
- Re: [OAUTH-WG] Future of PoP Work Justin Richer
- Re: [OAUTH-WG] Future of PoP Work Ludwig Seitz
- Re: [OAUTH-WG] Future of PoP Work Samuel Erdtman
- Re: [OAUTH-WG] Future of PoP Work Phil Hunt (IDM)
- Re: [OAUTH-WG] Future of PoP Work Justin Richer
- Re: [OAUTH-WG] Future of PoP Work Phil Hunt
- Re: [OAUTH-WG] Future of PoP Work Justin Richer
- Re: [OAUTH-WG] Future of PoP Work Blue Teazzers