[OAUTH-WG] Fwd: [kitten] [IANA #731918] SASL mechanism not listed

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 24 March 2014 19:34 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 688AC1A0293 for <oauth@ietfa.amsl.com>; Mon, 24 Mar 2014 12:34:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id YzVnxcxxr1Vn for <oauth@ietfa.amsl.com>; Mon, 24 Mar 2014 12:34:05 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie []) by ietfa.amsl.com (Postfix) with ESMTP id 693DD1A02D4 for <oauth@ietf.org>; Mon, 24 Mar 2014 12:34:04 -0700 (PDT)
Received: from localhost (localhost []) by mercury.scss.tcd.ie (Postfix) with ESMTP id 6133CBE57 for <oauth@ietf.org>; Mon, 24 Mar 2014 19:34:03 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([]) by localhost (mercury.scss.tcd.ie []) (amavisd-new, port 10024) with ESMTP id EwtjmkBhUE3Z for <oauth@ietf.org>; Mon, 24 Mar 2014 19:34:03 +0000 (GMT)
Received: from [] (stephen-think.dsg.cs.tcd.ie []) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 3B9B7BE49 for <oauth@ietf.org>; Mon, 24 Mar 2014 19:34:03 +0000 (GMT)
Message-ID: <533088AB.203@cs.tcd.ie>
Date: Mon, 24 Mar 2014 19:34:03 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
References: <53308872.9030305@cs.tcd.ie>
In-Reply-To: <53308872.9030305@cs.tcd.ie>
X-Enigmail-Version: 1.6
X-Forwarded-Message-Id: <53308872.9030305@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/xPGARvWL16qns0-m6E8TlWXNlCQ
Subject: [OAUTH-WG] Fwd: [kitten] [IANA #731918] SASL mechanism not listed
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 19:34:08 -0000

See below. I think (not quite sure) that this is better
discussed on the kitten list.


-------- Original Message --------
Subject: [kitten] [IANA #731918] SASL mechanism not listed
Date: Mon, 24 Mar 2014 19:33:06 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: kitten@ietf.org <kitten@ietf.org>
CC: iana-questions@iana.org <iana-questions@iana.org>


IANA were asked the following question a while back, but I
dropped the ball;-)

I'd appreciate your thoughts on the matter. I'm not quite
sure which registries are meant exactly though.

(I'll also forward to the oauth WG, but not cross-post)



The following draft describes a SASL mechanism that is in use on
GMail and should not therefore be allocated to another scheme unless
we want bad things to happen.


The strings XOAUTH and XOAUTH2 are also being used for a preliminary
version of the OAUTH spec as well.

The reason Google is using this particular mechanism rather than
PLAIN is that it is the one that has the widest client support:


So it would be a real disaster if this particular code point was re-issued.

It would probably be a good idea if every registry had a list of 'dirty'
code points that must not be reused because there are existing applications.


Kitten mailing list