Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-02-19 Thread John Panzer
Luke, Thanks again for writing all of this up in such a cogent way. Some comments inline: On Thu, Jan 28, 2010 at 7:29 AM, Luke Shepard wrote: > In the discussions around the OAuth WRAP spec, one of the questions often > asked is, “why use SSL exclusively?” Several of us have done a lot of >

Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-29 Thread Hurliman, John
ammer-Lahav Cc: Luke Shepard; oauth@ietf.org Subject: Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication On Thu, Jan 28, 2010 at 7:10 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: (For the sake of simplicity, I am going to refer to the Plain bearer toke

Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-29 Thread Eran Hammer-Lahav
> will only work with a single algorithm (which is better cryptographic > hygiene). > So a vendor can choose to allow the client to pick the algorithm they want to > you, or just tell them which one they are going to use. > > EHL > > > > From: Luke Shepard [mailto:ls

Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-29 Thread Eran Hammer-Lahav
f.org Subject: Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication On Thu, Jan 28, 2010 at 7:10 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: (For the sake of simplicity, I am going to refer to the Plain bearer token with SSL/TLS as S-Plain) WRAP appeal

Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-28 Thread Luke Shepard
mailto:lshep...@facebook.com] Sent: Thursday, January 28, 2010 6:36 PM To: Eran Hammer-Lahav; oauth@ietf.org Subject: Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication Thanks for the detailed reply, Eran. I think that your proposed design has it backwards: servers sho

Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-28 Thread David Recordon
ithm they want to you, or just tell them > which one they are going to use. > > > > EHL > > > > > > *From:* Luke Shepard [mailto:lshep...@facebook.com] > *Sent:* Thursday, January 28, 2010 6:36 PM > *To:* Eran Hammer-Lahav; oauth@ietf.org > *Subject:* Re: [OAUTH-WG] Di

Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-28 Thread Eran Hammer-Lahav
From: Luke Shepard [mailto:lshep...@facebook.com] Sent: Thursday, January 28, 2010 6:36 PM To: Eran Hammer-Lahav; oauth@ietf.org Subject: Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication Thanks for the detailed reply, Eran. I think that your proposed design has it backward

Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-28 Thread Luke Shepard
e Shepard Sent: Thursday, January 28, 2010 7:30 AM To: oauth@ietf.org Subject: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication In the discussions around the OAuth WRAP spec, one of the questions often asked is, "why use SSL exclusively?" Several of us have done

Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-28 Thread Eran Hammer-Lahav
lly compliant way. EHL From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Luke Shepard Sent: Thursday, January 28, 2010 7:30 AM To: oauth@ietf.org Subject: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication In the discussions around the OAuth WR

[OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-28 Thread Luke Shepard
In the discussions around the OAuth WRAP spec, one of the questions often asked is, "why use SSL exclusively?" Several of us have done a lot of thinking on it and I wanted to articulate my understanding of the pros and cons of the approach for discussion. The use case I primarily have in mind is