ietf – Page 4 – Simon Josefsson's blog

EnigForm – HTML/HTTP forms with OpenPGP

Posted on 2007-04-01 by simon

Talking to Buanzo, I have been testing the EnigForm plugin for Mozilla. Briefly, EnigForm gives you OpenPGP signing of HTML forms, based on GnuPG, by setting some HTTP headers with the OpenPGP data. This is quite cool, I imagine two use-cases:

PGP-based web-authentication. Type your username, have a hidden form field with a nonce, and have EnigForm sign the data. The server verifies the signature, and you have been logged on.
PGP-protected web-based forums, bug-tracking systems, polls, etc. What you write in a HTML form is signed by EnigForm, and the server knows who wrote it, and there is persistent evidence of it. Imagine Debian votes through the web instead of via e-mail!

I think this should be documented and forwarded to the IETF for standardization. It is a good example of a simple invention that uses two existing techniques in a new way.

Password-based Authentication Protocol

Posted on 2007-03-29 by simon

There was a large increase in activity on password-based SASL authentication mechanism in the Prague IETF, with three new proposals. Unfortunately, I was travelling over the I-D cutoff, so my document didn’t make it. However, I’ve now finished a -00 document for it. The goal was initially to just specify a GSS-API mechanism, but it seemed easier to specify a framework-agnostic protocol (with some influences from GSS-API and SASL) and then specify the mapping to GSS-API and SASL.

http://josefsson.org/password-auth/

New SASL GS2 document published

Posted on 2007-03-29 by simon

Version -08 only fixes very minor WGLC comments.

Nothing to see really, but it marks progress for the document.

LibIDN 0.6.11

Posted on 2007-03-13 by simon

Today I released a new version of LibIDN. No major changes, although Alexander Gnauck contributed an update of his C# port.

I’m feeling somewhat saddened how far the IDNAbis proposals are going without any attempts to work with the SASLPrep community. I predict that SASLPrep2 will be a fork of StringPrep1, rather than a profile of StringPrep2.

Update! It seems savannah.gnu.org is down, which seems to affect uploads to alpha.gnu.org. The normal distribution URLs go to a directory checked out from CVS, but I’ve manually made sure the directory contain the latest release even though CVS checkouts doesn’t work.

Base encoding

Posted on 2006-10-17 by simon

My document that describe base encoding (base64, base32 and base16) was published yesterday by the IETF. Unfortunately, the source code could not be included (the IAB said no to including the copyright notice in the code, which is required by the LGPL), but it is available from the home page anyway.

RFC 4648

Base encoding homepage