[Unbearable] Sec- prefixing the TTRP headers
Brian Campbell <bcampbell@pingidentity.com> Fri, 28 July 2017 21:15 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E58D132186 for <unbearable@ietfa.amsl.com>; Fri, 28 Jul 2017 14:15:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s1LsuUPMuk_5 for <unbearable@ietfa.amsl.com>; Fri, 28 Jul 2017 14:15:23 -0700 (PDT)
Received: from mail-pg0-x230.google.com (mail-pg0-x230.google.com [IPv6:2607:f8b0:400e:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D15D9132185 for <unbearable@ietf.org>; Fri, 28 Jul 2017 14:15:23 -0700 (PDT)
Received: by mail-pg0-x230.google.com with SMTP id u185so9787042pgb.1 for <unbearable@ietf.org>; Fri, 28 Jul 2017 14:15:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:from:date:message-id:subject:to; bh=b5hpBWw0z1qs8jWPZaOIT26sM/x1g/oFmQxnh7T16Bg=; b=W9ZZ1HsltDEBMLPB8bjY0A28ItjdAJz+0it+MIUg8hxZic7zUaTILoeEl3spGpjsjm FXpxO6QyrU5rmMTXs3WSGWvWhqssLC8QkGbgSJFVfTMVgannJFheHwhpoJFcDoX0MU8o Qb31/sNUt6t9l5ygeHNPqa66uowt4+rLkDKIk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=b5hpBWw0z1qs8jWPZaOIT26sM/x1g/oFmQxnh7T16Bg=; b=QD1a/TDyhXgb++HkbUUGuL/fxKxaiYxbvhcxkRiIPLAG8vur9xE97rvnsV8e7QnJpS tpY3absXhCl7eNa4E9AwqUHdUmgSi9aVJgPZRE3VM/f3qiJsgxMNE2SWzmtPIjK0rE1/ gh1QWBaSp7bOr3E3wfLpXNVKFDMkAXkDHXckQJfKJ6G7UMLBtYvfKsfgD68jJ3wnoE6R B40qAecsRSVDZ9OP2JI0uAOAys94r0NU3EIAGfSj9PHXS4yTGPSfWDdUm4grf5lbxAgL ZFGSRgbGNWwUdT/jL2Cg4+87JioBBHkutdP/1EVPpkIX8HoaN0cFe89YTh2yTB64Tl4J huAw==
X-Gm-Message-State: AIVw110rN2nw9hROdtXr73WS56ZHG1xxvWL0v/zgkpS6MxS63/X3Nq5I PgHv5xcwi4cvgGBtZhf3rykRp9SCOGx3mYmuOfOSw+ovm90k9f67uaG6Cv3CzFDPH9cZS2QIUEA N1CB+emrLBWgNhg==
X-Received: by 10.84.210.203 with SMTP id a69mr9062063pli.395.1501276523215; Fri, 28 Jul 2017 14:15:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.145.87 with HTTP; Fri, 28 Jul 2017 14:14:52 -0700 (PDT)
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 28 Jul 2017 15:14:52 -0600
Message-ID: <CA+k3eCQxAucHe1uJOWjzk2yd6prPkBzUtXPKnxbg60fAD6EuiQ@mail.gmail.com>
To: IETF Tokbind WG <unbearable@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c09614ce05cf50555672d14"
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/dxEWWYvk40nK-axYZDstLGM7FnE>
Subject: [Unbearable] Sec- prefixing the TTRP headers
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jul 2017 21:15:25 -0000
My sense in the Prague meeting was that the was pretty good consensus that the Sec- prefix should be used for the headers defined in -tokbind-ttrp. That make them "Sec-Provided-Token-Binding-ID" and "Sec-Referred-Token-Binding-ID". So, unless there's feedback on the list here that there's not consensus for it, I'll make that change in the next revision. -- *CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.*
- [Unbearable] Sec- prefixing the TTRP headers Brian Campbell
- Re: [Unbearable] Sec- prefixing the TTRP headers Nick Harper