[appsdir] Scans for draft-ietf-tokbind-protocol and draft-ietf-tokbind-https
Ted Hardie <ted.ietf@gmail.com> Wed, 08 April 2015 00:15 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: appsdir@ietfa.amsl.com
Delivered-To: appsdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A7351ACDFD for <appsdir@ietfa.amsl.com>; Tue, 7 Apr 2015 17:15:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level:
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QrBW826zBtNJ for <appsdir@ietfa.amsl.com>; Tue, 7 Apr 2015 17:15:09 -0700 (PDT)
Received: from mail-ie0-x232.google.com (mail-ie0-x232.google.com [IPv6:2607:f8b0:4001:c03::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA33D1ACDFA for <appsdir@ietf.org>; Tue, 7 Apr 2015 17:15:08 -0700 (PDT)
Received: by iebrs15 with SMTP id rs15so61445707ieb.3 for <appsdir@ietf.org>; Tue, 07 Apr 2015 17:15:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=mba/Hf3zkRqtpT2Pft+dJjmtQujTOEynLgzY/nTubKw=; b=oB92ZTp0ftl90X+oSjaW9h+K88LtyVabsMxlK5dkwFWNgIngyiGCTMkMyoQrGmA10K zwuOcXaxdXDigTwxzIY5/7n4G5nVSXaF5/KYJL67kJBqmtIOZgwQTtHl1jXzzfkWhT6c z0KSTrwasG3aDiVAAzM2CKZRORP7V17aEajHkGOgBJjFBYAAIsIvFg7qbsDOwCC0rzLi H/25uI6ZlY2ah+SYMAcwhC8ypBPMZhpW9n4HDKGhxvJGcMxXOpXmRKaD2zk1GSfZkGDb rfijgRNnbtAbddcJHiz6vPnAeMyaaRjq/O28mfxqLNn5lpci/I2m2nPnHAWlvD0uWlxX 0uJw==
MIME-Version: 1.0
X-Received: by 10.107.167.145 with SMTP id q139mr35009628ioe.16.1428452108390; Tue, 07 Apr 2015 17:15:08 -0700 (PDT)
Received: by 10.42.129.17 with HTTP; Tue, 7 Apr 2015 17:15:08 -0700 (PDT)
Date: Tue, 07 Apr 2015 17:15:08 -0700
Message-ID: <CA+9kkMAMWAdhkw0Am8QH-MShdrgiNJsJT9jO45GrCnp1ZANAzg@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: appsdir@ietf.org, Allison Mankin <allison.mankin@gmail.com>
Content-Type: multipart/alternative; boundary="001a114299907fd89805132b6c0a"
Archived-At: <http://mailarchive.ietf.org/arch/msg/appsdir/NdkNwotGVR947E7M4RzhE5JxFD0>
Subject: [appsdir] Scans for draft-ietf-tokbind-protocol and draft-ietf-tokbind-https
X-BeenThere: appsdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Apps Area Review List <appsdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/appsdir>, <mailto:appsdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/appsdir/>
List-Post: <mailto:appsdir@ietf.org>
List-Help: <mailto:appsdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/appsdir>, <mailto:appsdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2015 00:15:10 -0000
draft-ietf-tokbind-protocol will need significant attention, especially from folks with application security, privacy, and web services backgrounds. Though the draft isn't very long, it describes a general method of binding application security tokens to a channel and reusing them with a server as well as methods for taking those issued by one server and using them elsewhere. The interaction between the binding and application semantics will likely be a focus of reviews, as would be the privacy implication of a long-lived token of this type (though the draft presumes the ability to clear state, it's not at all clear that this would be available to mobile apps or similar). draft-ietf-tokbind-https will need a similar amount of attention, especially from folks familiar with HTTP semantics (headers and status code semantics being two areas of concern). In essence, this is the worked example of the protocol, embodied in HTTP. regards, Ted
- [appsdir] Scans for draft-ietf-tokbind-protocol a… Ted Hardie
- Re: [appsdir] Scans for draft-ietf-tokbind-protoc… Martin Thomson
- Re: [appsdir] Scans for draft-ietf-tokbind-protoc… Eliot Lear