
From hartmans@mit.edu  Mon Oct  1 01:34:52 2012
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf-krb-wg@anl.gov,kitten@ietf.org
Date: Mon, 01 Oct 2012 04:34:47 -0400
Message-ID: <tsla9w6a8uw.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: [kitten] Reviewers for draft-ietf-krb-wg-kdc-model required to progress
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Oct 2012 08:34:52 -0000

In order to resolve Pete's discuss about use of 2119 language, Pete and
Leif are working on text that avoids use of 2119 language and directly
explains what we mean.  I need a reviewer who can understand the current
text and review the new text to see if it matches the WG's intent.

Who is willing to volunteer to do that?

Sam Hartman
Kitten/Kerberos co-chair

From stephen.farrell@cs.tcd.ie  Mon Oct  1 02:30:53 2012
Message-ID: <506962CC.1070609@cs.tcd.ie>
Date: Mon, 01 Oct 2012 10:30:52 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120912 Thunderbird/15.0.1
MIME-Version: 1.0
To: "krb-wg mailing list (ietf-krb-wg@lists.anl.gov)" <ietf-krb-wg@lists.anl.gov>, kitten@ietf.org
References: <505CB3B9.6040801@cs.tcd.ie>
In-Reply-To: <505CB3B9.6040801@cs.tcd.ie>
X-Enigmail-Version: 1.4.4
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [kitten] kerberos/kitten merger

Hi again,

I'm happy to announce that we've found a third co-chair to
work with Sam and Shawn as chairs of the merged wg - that's
Josh Howlett. Please join me in welcoming Josh.

I've asked the secretariat to make Sam, Shawn and Josh
be the chairs of both krb-wg and kitten for now to make
sure that Josh is properly in the loop as we discuss the
re-chartering before and during IETF-85.

Thanks to all three for being willing to help us continue
the good work here.

And thanks again to Jeff, Alexey, Tom and Larry for all
their great work to date.

Regards,
Stephen.


From hannes.tschofenig@gmx.net  Wed Oct  3 11:48:26 2012
Message-ID: <506C886F.7090506@gmx.net>
Date: Wed, 03 Oct 2012 21:48:15 +0300
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120827 Thunderbird/15.0
MIME-Version: 1.0
To: Alexey Melnikov <alexey.melnikov@isode.com>
References: <505EAAC3.1040005@isode.com>
In-Reply-To: <505EAAC3.1040005@isode.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt

I did a quick review of the document. It can be found here:
http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.pdf
http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.doc

There is one issue that I am not entirely sure about.

OAUTH10A refers to "Authorization using OAuth 1.0a tokens."

OAuth 1.0a, however, has three mechanisms

  a) HMAC-SHA1
  b) RSA-SHA1
  c) PLAINTEXT (over TLS)

(The PLAINTEXT version without TLS was part of the community edition of 
OAuth 1.0. I ignore it here.)

To which of these three mechanisms does OAUTH10A refer to?

Ciao
Hannes


On 09/23/2012 09:22 AM, Alexey Melnikov wrote:
> On behalf of Kitten WG chairs I would like to initiate 2 weeks Working
> Group Last Call on draft-ietf-kitten-sasl-oauth-08.txt. Please reply
> with your comments (positive and/or negative) directly to the mailing
> list or to WG chairs kitten-chairs@tools.ietf.org. Statement of support
> such as "I reviewed the document and it looks ready for publication"
> will also be appreciated.
>
> Alexey,
> as [outgoing] Kitten co-chair.
>
> _______________________________________________
> Kitten mailing list
> Kitten@ietf.org
> https://www.ietf.org/mailman/listinfo/kitten


From wmills@yahoo-inc.com  Wed Oct  3 12:25:15 2012
References: <505EAAC3.1040005@isode.com> <506C886F.7090506@gmx.net>
Message-ID: <1349292310.34385.YahooMailNeo@web31806.mail.mud.yahoo.com>
Date: Wed, 3 Oct 2012 12:25:10 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Alexey Melnikov <alexey.melnikov@isode.com>
In-Reply-To: <506C886F.7090506@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1055047407-2124849814-1349292310=:34385"
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
Reply-To: William Mills <wmills@yahoo-inc.com>

---1055047407-2124849814-1349292310=:34385
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

In 1.0a the signature method is part of the transaction, i.e.

    oauth_signature_method="HMAC-SHA1"

The server actually has to support all 3 methods I believe.  There is no choice to make here for the mechanism.

>________________________________
> From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
>To: Alexey Melnikov <alexey.melnikov@isode.com>
>Cc: "kitten@ietf.org" <kitten@ietf.org>
>Sent: Wednesday, October 3, 2012 11:48 AM
>Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
>
>I did a quick review of the document. It can be found here:
>http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.pdf
>http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.doc
>
>There is one issue that I am not entirely sure about.
>
>OAUTH10A refers to "Authorization using OAuth 1.0a tokens."
>
>OAuth 1.0a, however, has three mechanisms
>
>a) HMAC-SHA1
>b) RSA-SHA1
>c) PLAINTEXT (over TLS)
>
>(The PLAINTEXT version without TLS was part of the community edition of OAuth 1.0. I ignore it here.)
>
>To which of these three mechanisms does OAUTH10A refer to?
>
>Ciao
>Hannes
>
>
>On 09/23/2012 09:22 AM, Alexey Melnikov wrote:
>> On behalf of Kitten WG chairs I would like to initiate 2 weeks Working
>> Group Last Call on draft-ietf-kitten-sasl-oauth-08.txt. Please reply
>> with your comments (positive and/or negative) directly to the mailing
>> list or to WG chairs kitten-chairs@tools.ietf.org. Statement of support
>> such as "I reviewed the document and it looks ready for publication"
>> will also be appreciated.
>>
>> Alexey,
>> as [outgoing] Kitten co-chair.
---1055047407-2124849814-1349292310=:34385--

From hannes.tschofenig@gmx.net  Thu Oct  4 00:18:32 2012
Message-ID: <506D383C.4010203@gmx.net>
Date: Thu, 04 Oct 2012 10:18:20 +0300
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120827 Thunderbird/15.0
MIME-Version: 1.0
To: William Mills <wmills@yahoo-inc.com>
References: <505EAAC3.1040005@isode.com> <506C886F.7090506@gmx.net> <1349292310.34385.YahooMailNeo@web31806.mail.mud.yahoo.com>
In-Reply-To: <1349292310.34385.YahooMailNeo@web31806.mail.mud.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt

There are two problems:

1) OAUTH10A-PLUS says that it adds channel binding capability to 
OAUTH10A for additional security guarantees.

Since OAUTH10A includes the PLAINTEXT mechanism the channel binding 
procedure does not work as described. The PLAINTEXT mechanism (which is 
a misleading name given that it runs on top of TLS) corresponds to the 
OAuth 2.0 Bearer Token-based mechanism but is just less well specified 
(which may lead to interoperability problems).

2) RSA-SHA1 is not sufficiently specified in OAuth 1.0a that it would 
actually work. In particular, there is no protocol mechanism to obtain 
the temporary RSA key pair.

Ciao
Hannes

On 10/03/2012 10:25 PM, William Mills wrote:
> In 1.0a the signature method is part of the transaction, i.e.
>
>      oauth_signature_method="HMAC-SHA1"
>
> The server actually has to support all 3 methods I believe.  There is no choice to make here for the mechanism.
>
>
>
>     ------------------------------------------------------------------------
>     *From:* Hannes Tschofenig <hannes.tschofenig@gmx.net>
>     *To:* Alexey Melnikov <alexey.melnikov@isode.com>
>     *Cc:* "kitten@ietf.org" <kitten@ietf.org>
>     *Sent:* Wednesday, October 3, 2012 11:48 AM
>     *Subject:* Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
>
>     I did a quick review of the document. It can be found here:
>     http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.pdf
>     http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.doc
>
>     There is one issue that I am not entirely sure about.
>
>     OAUTH10A refers to "Authorization using OAuth 1.0a tokens."
>
>     OAuth 1.0a, however, has three mechanisms
>
>     a) HMAC-SHA1
>     b) RSA-SHA1
>     c) PLAINTEXT (over TLS)
>
>     (The PLAINTEXT version without TLS was part of the community edition
>     of OAuth 1.0. I ignore it here.)
>
>     To which of these three mechanisms does OAUTH10A refer to?
>
>     Ciao
>     Hannes
>
>
>     On 09/23/2012 09:22 AM, Alexey Melnikov wrote:
>      > On behalf of Kitten WG chairs I would like to initiate 2 weeks
>     Working
>      > Group Last Call on draft-ietf-kitten-sasl-oauth-08.txt. Please reply
>      > with your comments (positive and/or negative) directly to the mailing
>      > list or to WG chairs kitten-chairs@tools.ietf.org
>     <mailto:kitten-chairs@tools.ietf.org>. Statement of support
>      > such as "I reviewed the document and it looks ready for publication"
>      > will also be appreciated.
>      >
>      > Alexey,
>      > as [outgoing] Kitten co-chair.
>
>
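
Added example, not part of the original message and not code from the draft: the sketch below computes OAuth 1.0a HMAC-SHA1 and PLAINTEXT signatures as RFC 5849 defines them and checks whether a channel-binding value carried in the request changes the signature, which is problem 1 above. The parameter name `cbdata`, the secrets, the URL and the guard in `method_allowed` are assumptions made for illustration; RSA-SHA1 is left out.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values, not taken from the thread or the draft.
CONSUMER_SECRET = "constructed-consumer-secret"
TOKEN_SECRET = "constructed-token-secret"
URL = "https://mail.example.com/"
SAMPLE_PARAMS = {
    "oauth_consumer_key": "constructed-client",
    "oauth_token": "constructed-token",
    "oauth_nonce": "4572616e48616d6d",
    "oauth_timestamp": "1349335100",
}
CB_PARAM = "cbdata"  # hypothetical name for the parameter carrying channel-binding data
CB_A = base64.b64encode(b"tls-unique value of channel A").decode("ascii")
CB_B = base64.b64encode(b"tls-unique value of channel B").decode("ascii")


def pct(value: str) -> str:
    """Percent-encode per RFC 5849 section 3.6 (only unreserved characters stay literal)."""
    return quote(value, safe="~")


def signature_base_string(http_method: str, url: str, params: dict) -> str:
    """RFC 5849 section 3.4.1: method, URL and sorted parameters, each percent-encoded."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([http_method.upper(), pct(url), pct(normalized)])


def sign(sig_method: str, http_method: str, url: str, params: dict,
         consumer_secret: str, token_secret: str) -> str:
    """Return the oauth_signature value for HMAC-SHA1 or PLAINTEXT."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}"
    if sig_method == "HMAC-SHA1":
        # Section 3.4.2: a MAC over the base string, so every request parameter is covered.
        base = signature_base_string(http_method, url, params).encode("ascii")
        digest = hmac.new(key.encode("ascii"), base, hashlib.sha1).digest()
        return base64.b64encode(digest).decode("ascii")
    if sig_method == "PLAINTEXT":
        # Section 3.4.4: the signature is just the two secrets; no request data enters it.
        return key
    raise ValueError(f"signature method not handled in this sketch: {sig_method}")


def signature_for_binding(sig_method: str, cb_value: str) -> str:
    """Sign the sample request with the given channel-binding value included."""
    params = dict(SAMPLE_PARAMS, oauth_signature_method=sig_method)
    params[CB_PARAM] = cb_value
    return sign(sig_method, "POST", URL, params, CONSUMER_SECRET, TOKEN_SECRET)


def binding_is_covered(sig_method: str) -> bool:
    """True when a different channel-binding value yields a different signature."""
    return signature_for_binding(sig_method, CB_A) != signature_for_binding(sig_method, CB_B)


def method_allowed(sasl_mechanism: str, sig_method: str) -> bool:
    """Assumed server-side guard: refuse PLAINTEXT when channel binding is expected."""
    if sig_method not in ("HMAC-SHA1", "RSA-SHA1", "PLAINTEXT"):
        return False
    if sasl_mechanism == "OAUTH10A-PLUS" and sig_method == "PLAINTEXT":
        return False
    return True


if __name__ == "__main__":
    for method in ("HMAC-SHA1", "PLAINTEXT"):
        print(method, "covers channel binding:", binding_is_covered(method))
    print("OAUTH10A-PLUS + PLAINTEXT allowed:", method_allowed("OAUTH10A-PLUS", "PLAINTEXT"))
```
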


From wmills@yahoo-inc.com  Thu Oct  4 07:49:51 2012
References: <505EAAC3.1040005@isode.com> <506C886F.7090506@gmx.net> <1349292310.34385.YahooMailNeo@web31806.mail.mud.yahoo.com> <506D383C.4010203@gmx.net>
Message-ID: <1349362181.41288.YahooMailNeo@web31802.mail.mud.yahoo.com>
Date: Thu, 4 Oct 2012 07:49:41 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <506D383C.4010203@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1036955950-251186651-1349362181=:41288"
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
Reply-To: William Mills <wmills@yahoo-inc.com>

---1036955950-251186651-1349362181=:41288
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

For #1 below can we solve this with text stating that in -PLUS that "PLAINTEXT" MUST NOT be used?

For #2, I see the problem, but do we need to fix it?


>________________________________
> From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
>To: William Mills <wmills@yahoo-inc.com>
>Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>; Alexey Melnikov <alexey.melnikov@isode.com>; "kitten@ietf.org" <kitten@ietf.org>
>Sent: Thursday, October 4, 2012 12:18 AM
>Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
>
>There are two problems:
>
>1) OAUTH10A-PLUS says that it adds channel binding capability to
>OAUTH10A for additional security guarantees.
>
>Since OAUTH10A includes the PLAINTEXT mechanism the channel binding
>procedure does not work as described. The PLAINTEXT mechanism (which is
>a misleading name given that it runs on top of TLS) corresponds to the
>OAuth 2.0 Bearer Token-based mechanism but is just less well specified
>(which may lead to interoperability problems).
>
>2) RSA-SHA1 is not sufficiently specified in OAuth 1.0a that it would
>actually work. In particular, there is no protocol mechanism to obtain
>the temporary RSA key pair.
>
>Ciao
>Hannes
>
>On 10/03/2012 10:25 PM, William Mills wrote:
>> In 1.0a the signature method is part of the transaction, i.e.
>>
>>      oauth_signature_method="HMAC-SHA1"
>>
>> The server actually has to support all 3 methods I believe.  There is no choice to make here for the mechanism.
>>
>>    ------------------------------------------------------------------------
>>    *From:* Hannes Tschofenig <hannes.tschofenig@gmx.net>
>>    *To:* Alexey Melnikov <alexey.melnikov@isode.com>
>>    *Cc:* "kitten@ietf.org" <kitten@ietf.org>
>>    *Sent:* Wednesday, October 3, 2012 11:48 AM
>>    *Subject:* Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
>>
>>    I did a quick review of the document. It can be found here:
>>    http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.pdf
>>    http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.doc
>>
>>    There is one issue that I am not entirely sure about.
>>
>>    OAUTH10A refers to "Authorization using OAuth 1.0a tokens."
>>
>>    OAuth 1.0a, however, has three mechanisms
>>
>>    a) HMAC-SHA1
>>    b) RSA-SHA1
>>    c) PLAINTEXT (over TLS)
>>
>>    (The PLAINTEXT version without TLS was part of the community edition
>>    of OAuth 1.0. I ignore it here.)
>>
>>    To which of these three mechanisms does OAUTH10A refer to?
>>
>>    Ciao
>>    Hannes
>>
>>    On 09/23/2012 09:22 AM, Alexey Melnikov wrote:
>>      > On behalf of Kitten WG chairs I would like to initiate 2 weeks Working
>>      > Group Last Call on draft-ietf-kitten-sasl-oauth-08.txt. Please reply
>>      > with your comments (positive and/or negative) directly to the mailing
>>      > list or to WG chairs kitten-chairs@tools.ietf.org
>>      > <mailto:kitten-chairs@tools.ietf.org>. Statement of support
>>      > such as "I reviewed the document and it looks ready for publication"
>>      > will also be appreciated.
>>      >
>>      > Alexey,
>>      > as [outgoing] Kitten co-chair.
>>
---1036955950-251186651-1349362181=:41288--

From hannes.tschofenig@gmx.net  Thu Oct  4 08:12:16 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9996E11E80C5 for <kitten@ietfa.amsl.com>; Thu,  4 Oct 2012 08:12:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id APwdTsJYeT00 for <kitten@ietfa.amsl.com>; Thu,  4 Oct 2012 08:12:15 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 2E50711E80BA for <kitten@ietf.org>; Thu,  4 Oct 2012 08:12:15 -0700 (PDT)
Received: (qmail invoked by alias); 04 Oct 2012 15:12:13 -0000
Received: from unknown (EHLO [10.255.137.105]) [194.251.119.201] by mail.gmx.net (mp069) with SMTP; 04 Oct 2012 17:12:13 +0200
X-Authenticated: #29516787
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <1349362181.41288.YahooMailNeo@web31802.mail.mud.yahoo.com>
Date: Thu, 4 Oct 2012 18:12:09 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <3EF02CCF-37BD-42E3-9347-2FE55E5CCBD2@gmx.net>
References: <505EAAC3.1040005@isode.com> <506C886F.7090506@gmx.net> <1349292310.34385.YahooMailNeo@web31806.mail.mud.yahoo.com> <506D383C.4010203@gmx.net> <1349362181.41288.YahooMailNeo@web31802.mail.mud.yahoo.com>
To: William Mills <wmills@yahoo-inc.com>
X-Mailer: Apple Mail (2.1085)
X-Y-GMX-Trusted: 0
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Oct 2012 15:12:16 -0000

Hey,

On Oct 4, 2012, at 5:49 PM, William Mills wrote:

> For #1 below can we solve this with text stating that in -PLUS that "PLAINTEXT" MUST NOT be used?
>
Sure.

> For #2, I see the problem, but do we need to fix it?

No, we can say that we are talking about HMAC-SHA1 only and ignore the RSA stuff.

Ciao
hannes

>
>
> From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
> To: William Mills <wmills@yahoo-inc.com>
> Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>; Alexey Melnikov <alexey.melnikov@isode.com>; "kitten@ietf.org" <kitten@ietf.org>
> Sent: Thursday, October 4, 2012 12:18 AM
> Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
>
> There are two problems:
>
> 1) OAUTH10A-PLUS says that it adds channel binding capability to
> OAUTH10A for additional security guarantees.
>
> Since OAUTH10A includes the PLAINTEXT mechanism the channel binding
> procedure does not work as described. The PLAINTEXT mechanism (which is
> a misleading name given that it runs on top of TLS) corresponds to the
> OAuth 2.0 Bearer Token-based mechanism but is just less well specified
> (which may lead to interoperability problems).
>
> 2) RSA-SHA1 is not sufficiently specified in OAuth 1.0a that it would
> actually work. In particular, there is no protocol mechanism to obtain
> the temporary RSA key pair.
>
> Ciao
> Hannes
>
> On 10/03/2012 10:25 PM, William Mills wrote:
> > In 1.0a the signature method is part of the transaction, i.e.
> >
> >      oauth_signature_method="HMAC-SHA1"
> >
> > The server actually has to support all 3 methods I believe.  There is no choice to make here for the mechanism.
> >
> >    ------------------------------------------------------------------------
> >    *From:* Hannes Tschofenig <hannes.tschofenig@gmx.net>
> >    *To:* Alexey Melnikov <alexey.melnikov@isode.com>
> >    *Cc:* "kitten@ietf.org" <kitten@ietf.org>
> >    *Sent:* Wednesday, October 3, 2012 11:48 AM
> >    *Subject:* Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
> >
> >    I did a quick review of the document. It can be found here:
> >    http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.pdf
> >    http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.doc
> >
> >    There is one issue that I am not entirely sure about.
> >
> >    OAUTH10A refers to "Authorization using OAuth 1.0a tokens."
> >
> >    OAuth 1.0a, however, has three mechanisms
> >
> >    a) HMAC-SHA1
> >    b) RSA-SHA1
> >    c) PLAINTEXT (over TLS)
> >
> >    (The PLAINTEXT version without TLS was part of the community edition
> >    of OAuth 1.0. I ignore it here.)
> >
> >    To which of these three mechanisms does OAUTH10A refer to?
> >
> >    Ciao
> >    Hannes
> >
> >    On 09/23/2012 09:22 AM, Alexey Melnikov wrote:
> >      > On behalf of Kitten WG chairs I would like to initiate 2 weeks Working
> >      > Group Last Call on draft-ietf-kitten-sasl-oauth-08.txt. Please reply
> >      > with your comments (positive and/or negative) directly to the mailing
> >      > list or to WG chairs kitten-chairs@tools.ietf.org
> >      > <mailto:kitten-chairs@tools.ietf.org>. Statement of support
> >      > such as "I reviewed the document and it looks ready for publication"
> >      > will also be appreciated.
> >      >
> >      > Alexey,
> >      > as [outgoing] Kitten co-chair.
> >


From wmills@yahoo-inc.com  Thu Oct  4 09:11:58 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6877D21F86F9 for <kitten@ietfa.amsl.com>; Thu,  4 Oct 2012 09:11:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level: 
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dyCluOLZOy9n for <kitten@ietfa.amsl.com>; Thu,  4 Oct 2012 09:11:57 -0700 (PDT)
Received: from nm33-vm0.bullet.mail.ne1.yahoo.com (nm33-vm0.bullet.mail.ne1.yahoo.com [98.138.229.64]) by ietfa.amsl.com (Postfix) with SMTP id 66A7021F86D4 for <kitten@ietf.org>; Thu,  4 Oct 2012 09:11:57 -0700 (PDT)
Received: from [98.138.226.176] by nm33.bullet.mail.ne1.yahoo.com with NNFMP; 04 Oct 2012 16:11:47 -0000
Received: from [98.138.87.7] by tm11.bullet.mail.ne1.yahoo.com with NNFMP; 04 Oct 2012 16:11:47 -0000
Received: from [127.0.0.1] by omp1007.mail.ne1.yahoo.com with NNFMP; 04 Oct 2012 16:11:47 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 646853.45354.bm@omp1007.mail.ne1.yahoo.com
Received: (qmail 95327 invoked by uid 60001); 4 Oct 2012 16:11:47 -0000
Received: from [107.39.46.237] by web31803.mail.mud.yahoo.com via HTTP; Thu, 04 Oct 2012 09:11:47 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.123.449
References: <505EAAC3.1040005@isode.com> <506C886F.7090506@gmx.net> <1349292310.34385.YahooMailNeo@web31806.mail.mud.yahoo.com> <506D383C.4010203@gmx.net> <1349362181.41288.YahooMailNeo@web31802.mail.mud.yahoo.com> <3EF02CCF-37BD-42E3-9347-2FE55E5CCBD2@gmx.net>
Message-ID: <1349367107.94377.YahooMailNeo@web31803.mail.mud.yahoo.com>
Date: Thu, 4 Oct 2012 09:11:47 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <3EF02CCF-37BD-42E3-9347-2FE55E5CCBD2@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Oct 2012 16:11:58 -0000

Hannes,

Since you have the "token" at the moment on the draft, I'd like to propose the following change in Section 3.4, last sentence of the first paragraph.  It currently reads:

    It should be noted that while the Bearer token scheme specifies SSL for normal usage
    it offers no integrity protection and is not suitable for use with channel binding.

And I think it should change to:

    The OAuth 1.0a PLAINTEXT "signature method" MUST NOT be used in OAUTH10A-PLUS, similarly
    the Bearer token scheme specifies SSL for normal usage but offers no integrity protection
    and is not suitable for use with channel binding.


-bill


>________________________________
> From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
>To: William Mills <wmills@yahoo-inc.com>
>Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>; Alexey Melnikov <alexey.melnikov@isode.com>; "kitten@ietf.org" <kitten@ietf.org>
>Sent: Thursday, October 4, 2012 8:12 AM
>Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
>
>Hey,
>
>On Oct 4, 2012, at 5:49 PM, William Mills wrote:
>
>> For #1 below can we solve this with text stating that in -PLUS that "PLAINTEXT" MUST NOT be used?
>>
>Sure.
>
>> For #2, I see the problem, but do we need to fix it?
>
>No, we can say that we are talking about HMAC-SHA1 only and ignore the RSA stuff.
>
>Ciao
>hannes
>
>>
>>
>> From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
>> To: William Mills <wmills@yahoo-inc.com>
>> Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>; Alexey Melnikov <alexey.melnikov@isode.com>; "kitten@ietf.org" <kitten@ietf.org>
>> Sent: Thursday, October 4, 2012 12:18 AM
>> Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
>>
>> There are two problems:
>>
>> 1) OAUTH10A-PLUS says that it adds channel binding capability to
>> OAUTH10A for additional security guarantees.
>>
>> Since OAUTH10A includes the PLAINTEXT mechanism the channel binding
>> procedure does not work as described. The PLAINTEXT mechanism (which is
>> a misleading name given that it runs on top of TLS) corresponds to the
>> OAuth 2.0 Bearer Token-based mechanism but is just less well specified
>> (which may lead to interoperability problems).
>>
>> 2) RSA-SHA1 is not sufficiently specified in OAuth 1.0a that it would
>> actually work. In particular, there is no protocol mechanism to obtain
>> the temporary RSA key pair.
>>
>> Ciao
>> Hannes
>>
>> On 10/03/2012 10:25 PM, William Mills wrote:
>> > In 1.0a the signature method is part of the transaction, i.e.
>> >
>> >      oauth_signature_method="HMAC-SHA1"
>> >
>> > The server actually has to support all 3 methods I believe.  There is no choice to make here for the mechanism.
>> >
>> >    ------------------------------------------------------------------------
>> >    *From:* Hannes Tschofenig <hannes.tschofenig@gmx.net>
>> >    *To:* Alexey Melnikov <alexey.melnikov@isode.com>
>> >    *Cc:* "kitten@ietf.org" <kitten@ietf.org>
>> >    *Sent:* Wednesday, October 3, 2012 11:48 AM
>> >    *Subject:* Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
>> >
>> >    I did a quick review of the document. It can be found here:
>> >    http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.pdf
>> >    http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.doc
>> >
>> >    There is one issue that I am not entirely sure about.
>> >
>> >    OAUTH10A refers to "Authorization using OAuth 1.0a tokens."
>> >
>> >    OAuth 1.0a, however, has three mechanisms
>> >
>> >    a) HMAC-SHA1
>> >    b) RSA-SHA1
>> >    c) PLAINTEXT (over TLS)
>> >
>> >    (The PLAINTEXT version without TLS was part of the community edition
>> >    of OAuth 1.0. I ignore it here.)
>> >
>> >    To which of these three mechanisms does OAUTH10A refer to?
>> >
>> >    Ciao
>> >    Hannes
>> >
>> >    On 09/23/2012 09:22 AM, Alexey Melnikov wrote:
>> >      > On behalf of Kitten WG chairs I would like to initiate 2 weeks Working
>> >      > Group Last Call on draft-ietf-kitten-sasl-oauth-08.txt. Please reply
>> >      > with your comments (positive and/or negative) directly to the mailing
>> >      > list or to WG chairs kitten-chairs@tools.ietf.org
>> >      > <mailto:kitten-chairs@tools.ietf.org>. Statement of support
>> >      > such as "I reviewed the document and it looks ready for publication"
>> >      > will also be appreciated.
>> >      >
>> >      > Alexey,
>> >      > as [outgoing] Kitten co-chair.
>> >
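
The rule proposed in the message above, as an added Python example that is not part of the thread or of the draft: a server-side check that refuses PLAINTEXT under OAUTH10A-PLUS, plus a demonstration that a PLAINTEXT "signature" stays the same when the channel-binding bytes change while HMAC-SHA1 does not. The header values, secrets and the simplified base string carrying `cb=` are constructed assumptions; the page does not show how the draft feeds channel-binding data into the signature.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import quote, unquote

# The three OAuth 1.0a signature methods listed in the thread.
KNOWN_METHODS = {"HMAC-SHA1", "RSA-SHA1", "PLAINTEXT"}
_PARAM = re.compile(r'\s*([A-Za-z0-9_]+)="([^"]*)"\s*')

# Constructed sample header; every value here is made up for the example.
SAMPLE_HEADER = (
    'OAuth realm="Example, Inc", oauth_consumer_key="ck-constructed", '
    'oauth_token="tok-constructed", oauth_signature_method="HMAC-SHA1", '
    'oauth_timestamp="1000000000", oauth_nonce="n0nce", '
    'oauth_signature="c2lnbmF0dXJl%3D"'
)


def parse_oauth_header(value):
    """Parse an 'OAuth k="v", k="v"' authorization value into a dict."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "oauth":
        raise ValueError("not an OAuth 1.0a authorization value")
    params, pos = {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:
            raise ValueError("malformed parameter at offset %d" % pos)
        name, val = m.group(1), unquote(m.group(2))
        if name in params:
            # A repeated oauth_signature_method would make the policy ambiguous.
            raise ValueError("duplicate parameter: " + name)
        params[name] = val
        pos = m.end()
        if pos < len(rest):
            if rest[pos] != ",":
                raise ValueError("expected ',' at offset %d" % pos)
            pos += 1
    return params


def _key(consumer_secret, token_secret):
    # OAuth 1.0a key: both secrets percent-encoded, joined with '&'.
    return quote(consumer_secret, safe="~") + "&" + quote(token_secret, safe="~")


def plaintext_signature(consumer_secret, token_secret):
    """PLAINTEXT: the signature is only the secrets; no request data is covered."""
    return _key(consumer_secret, token_secret)


def hmac_sha1_signature(base_string, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string, keyed with the two secrets."""
    mac = hmac.new(_key(consumer_secret, token_secret).encode(),
                   base_string.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def check_signature_method(mechanism, params):
    """Return None if acceptable, otherwise the reason for rejecting."""
    method = params.get("oauth_signature_method")
    if method not in KNOWN_METHODS:
        return "unknown or missing oauth_signature_method"
    if mechanism == "OAUTH10A-PLUS" and method == "PLAINTEXT":
        return "PLAINTEXT MUST NOT be used in OAUTH10A-PLUS"
    return None


def binding_is_covered(method, consumer_secret, token_secret):
    """True if changing the channel-binding bytes changes the signature."""
    # Assumption: a simplified, constructed base string with a cb= field.
    template = "POST&imap%3A%2F%2Fmail.example.test&cb%3D{}"
    sigs = []
    for cb in ("AAAA", "BBBB"):
        base = template.format(cb)
        if method == "PLAINTEXT":
            sigs.append(plaintext_signature(consumer_secret, token_secret))
        elif method == "HMAC-SHA1":
            sigs.append(hmac_sha1_signature(base, consumer_secret, token_secret))
        else:
            raise ValueError("method not demonstrated here: " + method)
    return sigs[0] != sigs[1]


if __name__ == "__main__":
    p = parse_oauth_header(SAMPLE_HEADER)
    print(p["oauth_signature_method"], check_signature_method("OAUTH10A-PLUS", p))
    for m in ("HMAC-SHA1", "PLAINTEXT"):
        print(m, "covers channel binding:", binding_is_covered(m, "cs", "ts"))
```
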

From wmills@yahoo-inc.com  Thu Oct  4 09:20:41 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B4671F0C97 for <kitten@ietfa.amsl.com>; Thu,  4 Oct 2012 09:20:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level: 
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KZuX-s5QP4Wd for <kitten@ietfa.amsl.com>; Thu,  4 Oct 2012 09:20:38 -0700 (PDT)
Received: from nm24.bullet.mail.sp2.yahoo.com (nm24.bullet.mail.sp2.yahoo.com [98.139.91.94]) by ietfa.amsl.com (Postfix) with SMTP id 592421F0C96 for <kitten@ietf.org>; Thu,  4 Oct 2012 09:20:38 -0700 (PDT)
Received: from [72.30.22.78] by nm24.bullet.mail.sp2.yahoo.com with NNFMP; 04 Oct 2012 16:20:35 -0000
Received: from [98.139.91.34] by tm12.bullet.mail.sp2.yahoo.com with NNFMP; 04 Oct 2012 16:20:35 -0000
Received: from [127.0.0.1] by omp1034.mail.sp2.yahoo.com with NNFMP; 04 Oct 2012 16:20:35 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 708910.47335.bm@omp1034.mail.sp2.yahoo.com
Received: (qmail 5799 invoked by uid 60001); 4 Oct 2012 16:20:35 -0000
Received: from [107.39.46.237] by web31802.mail.mud.yahoo.com via HTTP; Thu, 04 Oct 2012 09:20:34 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.123.449
References: <505EAAC3.1040005@isode.com> <506C886F.7090506@gmx.net> <1349292310.34385.YahooMailNeo@web31806.mail.mud.yahoo.com> <506D383C.4010203@gmx.net> <1349362181.41288.YahooMailNeo@web31802.mail.mud.yahoo.com> <3EF02CCF-37BD-42E3-9347-2FE55E5CCBD2@gmx.net>
Message-ID: <1349367634.29686.YahooMailNeo@web31802.mail.mud.yahoo.com>
Date: Thu, 4 Oct 2012 09:20:34 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <3EF02CCF-37BD-42E3-9347-2FE55E5CCBD2@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Oct 2012 16:20:41 -0000

I think we can just ignore the RSA key exchange issue since it's possible
for 2 endpoints to have specified RSA keys out of band.  No point in
writing it out of the spec.

----- Original Message -----
> From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
> To: William Mills <wmills@yahoo-inc.com>
> Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>; Alexey Melnikov <alexey.melnikov@isode.com>; "kitten@ietf.org" <kitten@ietf.org>
> Sent: Thursday, October 4, 2012 8:12 AM
> Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
>
> Hey,
>
> On Oct 4, 2012, at 5:49 PM, William Mills wrote:
>
>> For #1 below can we solve this with text stating that in -PLUS that
>> "PLAINTEXT" MUST NOT be used?
>>
> Sure.
>
>> For #2, I see the problem, but do we need to fix it?
>
> No, we can say that we are talking about HMAC-SHA1 only and ignore the RSA
> stuff.
>
> Ciao
> hannes
>
>>
>> From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
>> To: William Mills <wmills@yahoo-inc.com>
>> Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>; Alexey Melnikov <alexey.melnikov@isode.com>; "kitten@ietf.org" <kitten@ietf.org>
>> Sent: Thursday, October 4, 2012 12:18 AM
>> Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
>>
>> There are two problems:
>>
>> 1) OAUTH10A-PLUS says that it adds channel binding capability to
>> OAUTH10A for additional security guarantees.
>>
>> Since OAUTH10A includes the PLAINTEXT mechanism the channel binding
>> procedure does not work as described. The PLAINTEXT mechanism (which is
>> a misleading name given that it runs on top of TLS) corresponds to the
>> OAuth 2.0 Bearer Token-based mechanism but is just less well specified
>> (which may lead to interoperability problems).
>>
>> 2) RSA-SHA1 is not sufficiently specified in OAuth 1.0a that it would
>> actually work. In particular, there is no protocol mechanism to obtain
>> the temporary RSA key pair.
>>
>> Ciao
>> Hannes
>>
>> On 10/03/2012 10:25 PM, William Mills wrote:
>>> In 1.0a the signature method is part of the transaction, i.e.
>>>
>>>       oauth_signature_method="HMAC-SHA1"
>>>
>>> The server actually has to support all 3 methods I believe.  There is
>>> no choice to make here for the mechanism.
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Hannes Tschofenig <hannes.tschofenig@gmx.net>
>>> *To:* Alexey Melnikov <alexey.melnikov@isode.com>
>>> *Cc:* "kitten@ietf.org" <kitten@ietf.org>
>>> *Sent:* Wednesday, October 3, 2012 11:48 AM
>>> *Subject:* Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-08.txt
>>>
>>> I did a quick review of the document. It can be found here:
>>> http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.pdf
>>> http://www.tschofenig.priv.at/draft-ietf-kitten-sasl-oauth-08.doc
>>>
>>> There is one issue that I am not entirely sure about.
>>>
>>> OAUTH10A refers to "Authorization using OAuth 1.0a tokens."
>>>
>>> OAuth 1.0a, however, has three mechanisms
>>>
>>> a) HMAC-SHA1
>>> b) RSA-SHA1
>>> c) PLAINTEXT (over TLS)
>>>
>>> (The PLAINTEXT version without TLS was part of the community edition
>>> of OAuth 1.0. I ignore it here.)
>>>
>>> To which of these three mechanisms does OAUTH10A refer to?
>>>
>>> Ciao
>>> Hannes
>>>
>>> On 09/23/2012 09:22 AM, Alexey Melnikov wrote:
>>>> On behalf of Kitten WG chairs I would like to initiate 2 weeks Working
>>>> Group Last Call on draft-ietf-kitten-sasl-oauth-08.txt. Please reply
>>>> with your comments (positive and/or negative) directly to the mailing
>>>> list or to WG chairs kitten-chairs@tools.ietf.org
>>>> <mailto:kitten-chairs@tools.ietf.org>. Statement of support
>>>> such as "I reviewed the document and it looks ready for publication"
>>>> will also be appreciated.
>>>>
>>>> Alexey,
>>>> as [outgoing] Kitten co-chair.
>>>>
>>>> _______________________________________________
>>>> Kitten mailing list
>>>> Kitten@ietf.org <mailto:Kitten@ietf.org>
>>>> https://www.ietf.org/mailman/listinfo/kitten
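
An added illustration of point 1 in the quoted review, not part of any message in this thread and not code from the draft: per RFC 5849, an HMAC-SHA1 signature covers the signature base string, while a PLAINTEXT signature is only the two secrets joined, so it cannot vary with channel-binding data. The parameter name `x_channel_binding`, the secrets and the binding values are constructed for the example; how the draft carries channel-binding data is not shown in this thread.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values; none of them come from the thread or the draft.
CONSUMER_SECRET = "consumer-secret-example"
TOKEN_SECRET = "token-secret-example"
BASE_URI = "https://imap.example.com/"  # assumed to be already normalized
OAUTH_PARAMS = {
    "oauth_consumer_key": "example-client",
    "oauth_token": "example-token",
    "oauth_nonce": "7d8f3e4a",
    "oauth_timestamp": "1349367634",
}
CB_PARAM = "x_channel_binding"  # hypothetical name for a signed binding value


def pct(value):
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal."""
    return quote(value, safe="-._~")


def signature_base_string(method, base_uri, params):
    """RFC 5849 section 3.4.1: METHOD & encoded URI & encoded, sorted parameters."""
    encoded = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])


def signing_key(consumer_secret, token_secret):
    """Shared-secret key used by both HMAC-SHA1 and PLAINTEXT."""
    return f"{pct(consumer_secret)}&{pct(token_secret)}"


def sign(sig_method, method, base_uri, params, consumer_secret, token_secret):
    """Compute oauth_signature for the two shared-secret methods."""
    key = signing_key(consumer_secret, token_secret)
    if sig_method == "PLAINTEXT":
        # Section 3.4.4: the signature is the key itself; the request
        # parameters never enter the computation.
        return key
    if sig_method == "HMAC-SHA1":
        # Section 3.4.2: HMAC over the base string, so every signed
        # parameter influences the result.
        text = signature_base_string(method, base_uri, params)
        digest = hmac.new(key.encode(), text.encode(), hashlib.sha1).digest()
        return base64.b64encode(digest).decode()
    # RSA-SHA1 is left out: it needs a key pair rather than shared secrets.
    raise ValueError(f"unsupported signature method: {sig_method}")


def signature_for_channel(sig_method, channel_binding):
    """Sign the sample request with a binding value added to the signed parameters."""
    params = dict(OAUTH_PARAMS, oauth_signature_method=sig_method)
    params[CB_PARAM] = channel_binding
    return sign(sig_method, "POST", BASE_URI, params,
                CONSUMER_SECRET, TOKEN_SECRET)


def binds_to_channel(sig_method):
    """True when a different channel-binding value yields a different signature."""
    first = signature_for_channel(sig_method, "tls-unique-of-client-channel")
    second = signature_for_channel(sig_method, "tls-unique-of-other-channel")
    return not hmac.compare_digest(first, second)


def allowed_in_plus(sig_method):
    """Restriction proposed in the thread for the -PLUS variant: no PLAINTEXT."""
    return sig_method != "PLAINTEXT"


if __name__ == "__main__":
    for name in ("HMAC-SHA1", "PLAINTEXT"):
        print(name, "binds:", binds_to_channel(name),
              "allowed in -PLUS:", allowed_in_plus(name))
```
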

From shawn.emery@oracle.com  Mon Oct 15 11:51:43 2012
Return-Path: <shawn.emery@oracle.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8988921F8812 for <kitten@ietfa.amsl.com>; Mon, 15 Oct 2012 11:51:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.109
X-Spam-Level: 
X-Spam-Status: No, score=-9.109 tagged_above=-999 required=5 tests=[BAYES_05=-1.11, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YWFaHrLllGCs for <kitten@ietfa.amsl.com>; Mon, 15 Oct 2012 11:51:43 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id D360321F881D for <kitten@ietf.org>; Mon, 15 Oct 2012 11:51:42 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q9FIpfqD001380 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <kitten@ietf.org>; Mon, 15 Oct 2012 18:51:41 GMT
Received: from acsmt356.oracle.com (acsmt356.oracle.com [141.146.40.156]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q9FIpeNG011853 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <kitten@ietf.org>; Mon, 15 Oct 2012 18:51:41 GMT
Received: from abhmt119.oracle.com (abhmt119.oracle.com [141.146.116.71]) by acsmt356.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q9FIpevX008769 for <kitten@ietf.org>; Mon, 15 Oct 2012 13:51:40 -0500
Received: from [10.159.117.157] (/10.159.117.157) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 15 Oct 2012 11:51:39 -0700
Message-ID: <507C5AD0.5040705@oracle.com>
Date: Mon, 15 Oct 2012 12:49:52 -0600
From: Shawn Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:10.0.7) Gecko/20120926 Thunderbird/10.0.7
MIME-Version: 1.0
To: "kitten@ietf.org" <kitten@ietf.org>
Content-Type: multipart/alternative; boundary="------------010609080006080108030000"
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Subject: [kitten] IETF 85: Requesting Agenda Items
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Oct 2012 18:51:43 -0000

This is a multi-part message in MIME format.
--------------010609080006080108030000
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit


We are currently requesting kitten agenda items to be discussed for IETF 
85.  Please send any requests to the list or to me.

Shawn.
kitten co-chair
--

--------------010609080006080108030000--

From cantor.2@osu.edu  Mon Oct 15 12:04:33 2012
Return-Path: <cantor.2@osu.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C86A021F887B for <kitten@ietfa.amsl.com>; Mon, 15 Oct 2012 12:04:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.974
X-Spam-Level: 
X-Spam-Status: No, score=-3.974 tagged_above=-999 required=5 tests=[AWL=-0.375, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pf8wY0Oti8AU for <kitten@ietfa.amsl.com>; Mon, 15 Oct 2012 12:04:33 -0700 (PDT)
Received: from co1outboundpool.messaging.microsoft.com (co1ehsobe002.messaging.microsoft.com [216.32.180.185]) by ietfa.amsl.com (Postfix) with ESMTP id 4DC5D21F884D for <kitten@ietf.org>; Mon, 15 Oct 2012 12:04:32 -0700 (PDT)
Received: from mail147-co1-R.bigfish.com (10.243.78.247) by CO1EHSOBE006.bigfish.com (10.243.66.69) with Microsoft SMTP Server id 14.1.225.23; Mon, 15 Oct 2012 19:04:31 +0000
Received: from mail147-co1 (localhost [127.0.0.1])	by mail147-co1-R.bigfish.com (Postfix) with ESMTP id E79F3940070; Mon, 15 Oct 2012 19:04:30 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:164.107.81.40; KIP:(null); UIP:(null); IPV:NLI; H:CIO-KRC-HT02.osuad.osu.edu; RD:cio-krc-ht02.osuad.osu.edu; EFVD:NLI
X-SpamScore: -4
X-BigFish: VPS-4(zzbb2dI98dI9371I1432Izz1d77h1202h1d1ah1d2ahzz8275bhz2fh2a8h668h839h944hd25hf0ah107ah1220h1288h12a5h12a9h12bdh137ah13b6h1441h1155h)
Received-SPF: pass (mail147-co1: domain of osu.edu designates 164.107.81.40 as permitted sender) client-ip=164.107.81.40; envelope-from=cantor.2@osu.edu; helo=CIO-KRC-HT02.osuad.osu.edu ; suad.osu.edu ; 
Received: from mail147-co1 (localhost.localdomain [127.0.0.1]) by mail147-co1 (MessageSwitch) id 1350327867972303_16397; Mon, 15 Oct 2012 19:04:27 +0000 (UTC)
Received: from CO1EHSMHS028.bigfish.com (unknown [10.243.78.240])	by mail147-co1.bigfish.com (Postfix) with ESMTP id E1B72D8006A; Mon, 15 Oct 2012 19:04:27 +0000 (UTC)
Received: from CIO-KRC-HT02.osuad.osu.edu (164.107.81.40) by CO1EHSMHS028.bigfish.com (10.243.66.38) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 15 Oct 2012 19:04:27 +0000
Received: from CIO-KRC-D1MBX01.osuad.osu.edu ([fe80::450b:35e6:80f4:f3e0]) by CIO-KRC-HT02.osuad.osu.edu ([fe80::8554:1787:2a7:72c9%12]) with mapi id 14.02.0309.002; Mon, 15 Oct 2012 15:04:15 -0400
From: "Cantor, Scott" <cantor.2@osu.edu>
To: Shawn Emery <shawn.emery@oracle.com>, "kitten@ietf.org" <kitten@ietf.org>
Thread-Topic: [kitten] IETF 85: Requesting Agenda Items
Thread-Index: AQHNqwYjRWGaDF4omk6Z4d/8U0R0Ape6ua0A
Date: Mon, 15 Oct 2012 19:04:15 +0000
Message-ID: <BA63CEAE152A7742B854C678D949138339A63529@CIO-KRC-D1MBX01.osuad.osu.edu>
In-Reply-To: <507C5AD0.5040705@oracle.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [128.146.178.36]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <FC13CC098BB4044CA1CABBF440A7F530@osu.edu>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: osu.edu
Subject: Re: [kitten] IETF 85: Requesting Agenda Items
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Oct 2012 19:04:33 -0000

On 10/15/12 2:49 PM, "Shawn Emery" <shawn.emery@oracle.com> wrote:
>
>We are currently requesting kitten agenda items to be discussed for IETF
>85.  Please send any requests to the list or to me.

I'd like a bit of time to run through some of the decisions on the SAML-EC
draft needing expert review. Naming and keying issues primarily.

-- Scott



From hartmans@mit.edu  Mon Oct 15 14:21:09 2012
Return-Path: <hartmans@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C81921F8A47 for <kitten@ietfa.amsl.com>; Mon, 15 Oct 2012 14:21:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -95.238
X-Spam-Level: 
X-Spam-Status: No, score=-95.238 tagged_above=-999 required=5 tests=[AWL=-2.126, BAYES_50=0.001, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WKCYmxQdxGUy for <kitten@ietfa.amsl.com>; Mon, 15 Oct 2012 14:21:09 -0700 (PDT)
Received: from ec2-23-21-227-93.compute-1.amazonaws.com (ec2-23-21-227-93.compute-1.amazonaws.com [23.21.227.93]) by ietfa.amsl.com (Postfix) with ESMTP id 03BDF21F8A3C for <kitten@ietf.org>; Mon, 15 Oct 2012 14:21:08 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (c-98-217-126-210.hsd1.ma.comcast.net [98.217.126.210]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id DD38F20146; Mon, 15 Oct 2012 17:20:52 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id C292C4AD5; Mon, 15 Oct 2012 17:21:00 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf-krb-wg@anl.gov
Date: Mon, 15 Oct 2012 17:21:00 -0400
Message-ID: <tslsj9f8m9v.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: kitten@ietf.org
Subject: [kitten] Kerberos IANA document will be a kitten draft
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Oct 2012 21:21:09 -0000

Before the chair change, Jeff and I asked Tom if he would be willing to
edit an IANA draft based on Love's previous work in this space and our
discussions to date.
He graciously agreed.

Unfortunately while we were not busy approving drafts, the tools
underwent a half-life of dash-decay and no longer permit approving
draft-ietf-krb-wg-*.  So, Tom will be submitting
draft-ietf-kitten-kerberos-iana-registries-00.

From internet-drafts@ietf.org  Mon Oct 15 16:52:22 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5DC011E8115; Mon, 15 Oct 2012 16:52:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.561
X-Spam-Level: 
X-Spam-Status: No, score=-102.561 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lr6G1wx8b1Zt; Mon, 15 Oct 2012 16:52:22 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38E2E21F8903; Mon, 15 Oct 2012 16:52:22 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.34
Message-ID: <20121015235222.6701.67782.idtracker@ietfa.amsl.com>
Date: Mon, 15 Oct 2012 16:52:22 -0700
Cc: kitten@ietf.org
Subject: [kitten] I-D Action: draft-ietf-kitten-kerberos-iana-registries-00.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Oct 2012 23:52:22 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Common Authentication Technology Next Generation Working Group of the IETF.

	Title           : Move Kerberos protocol parameter registries to IANA
	Author(s)       : Tom Yu
	Filename        : draft-ietf-kitten-kerberos-iana-registries-00.txt
	Pages           : 6
	Date            : 2012-10-15

Abstract:
   The Kerberos 5 network authentication protocol has several numeric
   protocol parameters.  Most of these parameters are not currently
   under IANA maintenance.  This document requests that IANA take over
   the maintenance of the remainder of these Kerberos parameters.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-kitten-kerberos-iana-registries

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-kitten-kerberos-iana-registries-00


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From jhutz@cmu.edu  Mon Oct 15 19:36:09 2012
Return-Path: <jhutz@cmu.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DDAE11E80D5 for <kitten@ietfa.amsl.com>; Mon, 15 Oct 2012 19:36:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level: 
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hWZ+Uk1a59Io for <kitten@ietfa.amsl.com>; Mon, 15 Oct 2012 19:36:08 -0700 (PDT)
Received: from smtp02.srv.cs.cmu.edu (SMTP02.SRV.CS.CMU.EDU [128.2.217.197]) by ietfa.amsl.com (Postfix) with ESMTP id 9375711E808D for <kitten@ietf.org>; Mon, 15 Oct 2012 19:36:08 -0700 (PDT)
Received: from [192.168.202.158] (pool-74-111-100-191.pitbpa.fios.verizon.net [74.111.100.191]) (authenticated bits=0) by smtp02.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id q9G2a5sC006827 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 15 Oct 2012 22:36:06 -0400 (EDT)
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>
In-Reply-To: <tslsj9f8m9v.fsf@mit.edu>
References: <tslsj9f8m9v.fsf@mit.edu>
Content-Type: text/plain; charset="UTF-8"
Date: Mon, 15 Oct 2012 22:36:04 -0400
Message-ID: <1350354964.19620.1216.camel@destiny.pc.cs.cmu.edu>
Mime-Version: 1.0
X-Mailer: Evolution 2.30.3 
Content-Transfer-Encoding: 7bit
X-Scanned-By: mimedefang-cmuscs on 128.2.217.197
Cc: kitten@ietf.org, ietf-krb-wg@anl.gov, jhutz@cmu.edu
Subject: Re: [kitten] [Ietf-krb-wg] Kerberos IANA document will be a kitten draft
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2012 02:36:09 -0000

On Mon, 2012-10-15 at 17:21 -0400, Sam Hartman wrote:
> 
> Before the chair change, Jeff and I asked Tom if he would be willing to
> edit an IANA draft based on Love's previous work in this space and our
> discussions to date.
> He graciously agreed.
> 
> Unfortunately while we were not busy approving drafts, the tools
> underwent a half-life of dash-decay and no longer permit approving
> draft-ietf-krb-wg-*.  So, Tom will be submitting
> draft-ietf-kitten-kerberos-iana-registries-00.

My advice to anyone who is thinking of becoming involved in forming a
new working group: do _not_ let anyone suggest that a dash in the WG
acronym is a good idea. :-)



From internet-drafts@ietf.org  Wed Oct 17 11:31:22 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D710421F86AF; Wed, 17 Oct 2012 11:31:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.562
X-Spam-Level: 
X-Spam-Status: No, score=-102.562 tagged_above=-999 required=5 tests=[AWL=0.037, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ndNhiduqoAKa; Wed, 17 Oct 2012 11:31:22 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5948321F8671; Wed, 17 Oct 2012 11:31:22 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.34
Message-ID: <20121017183122.2829.38575.idtracker@ietfa.amsl.com>
Date: Wed, 17 Oct 2012 11:31:22 -0700
Cc: kitten@ietf.org
Subject: [kitten] I-D Action: draft-ietf-kitten-sasl-saml-ec-04.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Oct 2012 18:31:23 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Common Authentication Technology Next Generation Working Group of the IETF.

	Title           : SAML Enhanced Client SASL and GSS-API Mechanisms
	Author(s)       : Scott Cantor
                          Simon Josefsson
	Filename        : draft-ietf-kitten-sasl-saml-ec-04.txt
	Pages           : 36
	Date            : 2012-10-17

Abstract:
   Security Assertion Markup Language (SAML) 2.0 is a generalized
   framework for the exchange of security-related information between
   asserting and relying parties.  Simple Authentication and Security
   Layer (SASL) and the Generic Security Service Application Program
   Interface (GSS-API) are application frameworks to facilitate an
   extensible authentication model.  This document specifies a SASL and
   GSS-API mechanism for SAML 2.0 that leverages the capabilities of a
   SAML-aware "enhanced client" to address significant barriers to
   federated authentication in a manner that encourages reuse of
   existing SAML bindings and profiles designed for non-browser
   scenarios.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-saml-ec

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-kitten-sasl-saml-ec-04

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-kitten-sasl-saml-ec-04


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From hartmans@painless-security.com  Mon Oct 22 16:44:31 2012
Return-Path: <hartmans@painless-security.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C36E11E810C for <kitten@ietfa.amsl.com>; Mon, 22 Oct 2012 16:44:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.19
X-Spam-Level: 
X-Spam-Status: No, score=-100.19 tagged_above=-999 required=5 tests=[AWL=2.409, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OI7MLBmEcw9h for <kitten@ietfa.amsl.com>; Mon, 22 Oct 2012 16:44:31 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id EFDD411E8106 for <kitten@ietf.org>; Mon, 22 Oct 2012 16:44:30 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (c-98-217-126-210.hsd1.ma.comcast.net [98.217.126.210]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS id 2021B20180; Mon, 22 Oct 2012 19:44:08 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 6D5AE4AD5; Mon, 22 Oct 2012 19:44:28 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: kitten@ietf.org
Date: Mon, 22 Oct 2012 19:44:28 -0400
Message-ID: <tslhapmt6lf.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: ietf-krb-wg@anl.gov
Subject: [kitten] Please Welcome Simon Josefsson to the kitten leadership team
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Oct 2012 23:44:31 -0000

Hi.
Josh, Shawn and I are delighted to welcome Simon as the kitten WG
secretary.
He'll be helping us review documents, track them through the publication
process, helping with meeting logistics, that sort of thing.
Simon has been active in this community for a long time and has provided
a lot of review to the SASL and GSS-API community.
Simon was instrumental in pulling together GS2 and SCRAM, and has helped
out our more recent SASL mechanisms as well.
He's also been helpful with GSS-API naming extensions.

I'm really excited about the group of people we have coming into the
Atlanta meeting.

From shawn.emery@oracle.com  Tue Oct 23 17:39:48 2012
Return-Path: <shawn.emery@oracle.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 638B211E8126 for <kitten@ietfa.amsl.com>; Tue, 23 Oct 2012 17:39:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.854
X-Spam-Level: 
X-Spam-Status: No, score=-9.854 tagged_above=-999 required=5 tests=[AWL=0.745,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mOEShjDrsEhn for <kitten@ietfa.amsl.com>; Tue, 23 Oct 2012 17:39:47 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id C781411E8128 for <kitten@ietf.org>; Tue, 23 Oct 2012 17:39:47 -0700 (PDT)
Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q9O0dkqg018101 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <kitten@ietf.org>; Wed, 24 Oct 2012 00:39:47 GMT
Received: from acsmt357.oracle.com (acsmt357.oracle.com [141.146.40.157]) by ucsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q9O0djaw025825 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <kitten@ietf.org>; Wed, 24 Oct 2012 00:39:46 GMT
Received: from abhmt116.oracle.com (abhmt116.oracle.com [141.146.116.68]) by acsmt357.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q9O0dj0J000782 for <kitten@ietf.org>; Tue, 23 Oct 2012 19:39:45 -0500
Received: from [10.159.68.164] (/10.159.68.164) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 23 Oct 2012 17:39:45 -0700
Message-ID: <50873860.4060608@oracle.com>
Date: Tue, 23 Oct 2012 18:37:52 -0600
From: Shawn Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:10.0.7) Gecko/20120926 Thunderbird/10.0.7
MIME-Version: 1.0
To: "kitten@ietf.org" <kitten@ietf.org>
Content-Type: multipart/alternative; boundary="------------040404090200030607010709"
X-Source-IP: ucsinet22.oracle.com [156.151.31.94]
Subject: [kitten] IETF 85 Agenda
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2012 00:39:48 -0000

This is a multi-part message in MIME format.
--------------040404090200030607010709
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit


Here is the draft agenda for the kitten session at IETF 85:

     http://www.ietf.org/proceedings/85/agenda/agenda-85-kitten

Please provide feed-back/additions no later than 10/29/12 16:00 PDT.

Shawn Emery
kitten co-chair
--

--------------040404090200030607010709--

From shawn.emery@oracle.com  Thu Oct 25 11:05:39 2012
Return-Path: <shawn.emery@oracle.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F07321F8994 for <kitten@ietfa.amsl.com>; Thu, 25 Oct 2012 11:05:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.226
X-Spam-Level: 
X-Spam-Status: No, score=-10.226 tagged_above=-999 required=5 tests=[AWL=0.372, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M6ccilMMDyEh for <kitten@ietfa.amsl.com>; Thu, 25 Oct 2012 11:05:34 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by ietfa.amsl.com (Postfix) with ESMTP id 2ECA921F8695 for <kitten@ietf.org>; Thu, 25 Oct 2012 11:05:22 -0700 (PDT)
Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by acsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q9PI5KpK027969 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <kitten@ietf.org>; Thu, 25 Oct 2012 18:05:21 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q9PI5Kka017658 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <kitten@ietf.org>; Thu, 25 Oct 2012 18:05:20 GMT
Received: from abhmt117.oracle.com (abhmt117.oracle.com [141.146.116.69]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q9PI5KWr028820 for <kitten@ietf.org>; Thu, 25 Oct 2012 13:05:20 -0500
Received: from [10.159.99.249] (/10.159.99.249) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 25 Oct 2012 11:05:19 -0700
Message-ID: <50897EEE.90404@oracle.com>
Date: Thu, 25 Oct 2012 12:03:26 -0600
From: Shawn Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:10.0.7) Gecko/20120926 Thunderbird/10.0.7
MIME-Version: 1.0
To: kitten@ietf.org
References: <50873860.4060608@oracle.com>
In-Reply-To: <50873860.4060608@oracle.com>
Content-Type: multipart/alternative; boundary="------------070407090306090508020504"
X-Source-IP: acsinet21.oracle.com [141.146.126.237]
Subject: Re: [kitten] IETF 85 Agenda
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2012 18:05:39 -0000

This is a multi-part message in MIME format.
--------------070407090306090508020504
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit


An updated version of the agenda has been posted:

     http://www.ietf.org/proceedings/85/agenda/agenda-85-kitten

to include agenda items in the Kerberos space.

Shawn Emery
kitten co-chair
--
On 10/23/12 06:37 PM, Shawn Emery wrote:
>
> Here is the draft agenda for the kitten session at IETF 85:
>
> http://www.ietf.org/proceedings/85/agenda/agenda-85-kitten
>
> Please provide feed-back/additions no later than 10/29/12 16:00 PDT.
>
> Shawn Emery
> kitten co-chair
> --
>

--------------070407090306090508020504--
