Re: [OAUTH-WG] We appear to still be litigating OAuth, oops
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 24 February 2021 17:05 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EAFA3A181A; Wed, 24 Feb 2021 09:05:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hGqn6r26qAgm; Wed, 24 Feb 2021 09:05:17 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E76383A1816; Wed, 24 Feb 2021 09:05:16 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 141AC38A2B; Wed, 24 Feb 2021 12:09:26 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id kFomh5ZTpsbw; Wed, 24 Feb 2021 12:09:25 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 8695638A29; Wed, 24 Feb 2021 12:09:25 -0500 (EST)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 1604357B; Wed, 24 Feb 2021 12:05:14 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "oauth@ietf.org" <oauth@ietf.org>, ietf@ietf.org
Subject: Re: [OAUTH-WG] We appear to still be litigating OAuth, oops
In-Reply-To: <E84B4446-5F74-402B-8071-A1164EF0B02C@mit.edu>
References: <CAMm+LwgbK3HYDjSHnTN3f6hWSQCQrEjHLNn6z0JpfY7hdxaQpg@mail.gmail.com> <A8128346-B557-472F-B94F-8F624F955FCE@manicode.com> <eb2eaaa7-7f7e-4170-ab87-1cc1fdd3359b@www.fastmail.com> <CAJot-L0PS_3LxEkC-jd1aqXDdYF+z8BajSs4Rhx3LgRPn6wkdQ@mail.gmail.com> <DAB127D7-809F-4EC2-A043-9B15E2DB8E07@tzi.org> <CAJot-L1e8GegjXjADRQ87tGqnSREoO4bEKLX+kPkZFsQpevGQA@mail.gmail.com> <66be0ffe-a638-45a0-ba05-1585ea02e6bf@www.fastmail.com> <CAJot-L2KO2dOzZQJJeB1kbk6_KTQwUYUsoJOoRt=9maynS1jZg@mail.gmail.com> <121f52be-4747-45f3-ad75-79fa2f693d75@beta.fastmail.com> <E84B4446-5F74-402B-8071-A1164EF0B02C@mit.edu>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 24 Feb 2021 12:05:14 -0500
Message-ID: <26997.1614186314@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/mDzFZ1FwaWbuGcYU6_sRTIS0e6Q>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Feb 2021 17:05:20 -0000
Justin Richer <jricher@mit.edu> wrote: > From a technical standpoint, OAuth’s dynamic client registration lets > arbitrary clients talk to an AS, but the trust isn’t there in > practice. As an example of a fail even in a closed ecosystem: neither Google nor Facebook nor LinkedIn nor .. permit one to login to them with themselves. Even if we believe that there are business reasons why they wouldn't delegate to another, the fact is that they don't delegate to themselves. What's the use case? I'll give you two: 1) parent/child 2) boss/secretary (*) My kid is subject to Google Classroom. A great idea, rather poorly implemented. The parent interface is basically non-existent. The advice, from *GOOGLE* (and my school board) is, in order to find out what your child is doing... have them share their password with you, the parent. I read this, and went WTF? Doesn't that go against all of the authentication security precepts that Google and others have been telling us? (*) - yes there are limited abilities to do this within gmail. But, it does not extend throughout the ecosystem. -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- Diversity and Inclusiveness in the IETF Fernando Gont
- Re: Diversity and Inclusiveness in the IETF Bron Gondwana
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- Re: Diversity and Inclusiveness in the IETF Dominique Lazanski
- Re: Diversity and Inclusiveness in the IETF Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Dominique Lazanski
- Re: Diversity and Inclusiveness in the IETF Carsten Bormann
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- Re: Diversity and Inclusiveness in the IETF Bron Gondwana
- Re: Diversity and Inclusiveness in the IETF Rifaat Shekh-Yusef
- Re: Diversity and Inclusiveness in the IETF Bron Gondwana
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- Re: [Gendispatch] Diversity and Inclusiveness in … Stephen Farrell
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Dan Harkins
- RE: Diversity and Inclusiveness in the IETF Roman Danyliw
- Re: Diversity and Inclusiveness in the IETF Kathleen Moriarty
- Re: Diversity and Inclusiveness in the IETF Donald Eastlake
- Re: Diversity and Inclusiveness in the IETF Fernando Gont
- Re: Diversity and Inclusiveness in the IETF Carsten Bormann
- Making headway in the IETF [was Diversity and Inc… Brian E Carpenter
- Re: Making headway in the IETF [was Diversity and… Keith Moore
- Re: Diversity and Inclusiveness in the IETF Brian E Carpenter
- Re: Diversity and Inclusiveness in the IETF Mark Nottingham
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- Re: [OAUTH-WG] Diversity and Inclusiveness in the… Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Diversity and Inclusiveness in the… Bron Gondwana
- Re: [Gendispatch] Diversity and Inclusiveness in … Mary Barnes
- Re: [Gendispatch] Diversity and Inclusiveness in … Bill Woodcock
- Re: Diversity and Inclusiveness in the IETF Tim Bray
- Re: [OAUTH-WG] Diversity and Inclusiveness in the… Eric Rescorla
- Re: [OAUTH-WG] Diversity and Inclusiveness in the… Bron Gondwana
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- Re: Diversity and Inclusiveness in the IETF Jim Fenton
- Re: Diversity and Inclusiveness in the IETF Phillip Hallam-Baker
- Building Real Internet Platforms Mark Nottingham
- RE: Diversity and Inclusiveness in the IETF Larry Masinter
- Re: [OAUTH-WG] Diversity and Inclusiveness in the… Jim Manico
- Re: Diversity and Inclusiveness in the IETF Carsten Bormann
- We appear to still be litigating OAuth, oops Bron Gondwana
- Re: Diversity and Inclusiveness in the IETF S Moonesamy
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- RE: [Gendispatch] Diversity and Inclusiveness in … Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- Re: [Gendispatch] Diversity and Inclusiveness in … Vittorio Bertola
- coders in IETF (was: Diversity and Inclusiveness … Keith Moore
- Re: [OAUTH-WG] We appear to still be litigating O… Carsten Bormann
- RE: [Gendispatch] Diversity and Inclusiveness in … Hannes Tschofenig
- Re: [OAUTH-WG] We appear to still be litigating O… Bron Gondwana
- Re: coders in IETF (was: Diversity and Inclusiven… Bron Gondwana
- Re: [OAUTH-WG] We appear to still be litigating O… Bron Gondwana
- Re: [OAUTH-WG] We appear to still be litigating O… Neil Madden
- Re: [OAUTH-WG] We appear to still be litigating O… Aaron Parecki
- Re: [OAUTH-WG] We appear to still be litigating O… Jim Willeke
- Re: Diversity and Inclusiveness in the IETF Phillip Hallam-Baker
- Re: [OAUTH-WG] We appear to still be litigating O… Justin Richer
- Re: [OAUTH-WG] We appear to still be litigating O… Aaron Parecki
- Re: [Gendispatch] Diversity and Inclusiveness in … Mary Barnes
- Re: coders in IETF (was: Diversity and Inclusiven… Phillip Hallam-Baker
- Re: [OAUTH-WG] We appear to still be litigating O… Tim Bray
- Re: [Gendispatch] Diversity and Inclusiveness in … Christian Huitema
- Re: [OAUTH-WG] We appear to still be litigating O… Warren Parad
- Re: [OAUTH-WG] We appear to still be litigating O… Warren Parad
- Re: [OAUTH-WG] We appear to still be litigating O… Warren Parad
- Re: [OAUTH-WG] We appear to still be litigating O… Michael Richardson
- Re: [OAUTH-WG] We appear to still be litigating O… Phillip Hunt
- Re: [Gendispatch] Diversity and Inclusiveness in … Phillip Hallam-Baker
- Re: Diversity and Inclusiveness in the IETF Michael Thomas
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- Re: [Gendispatch] Diversity and Inclusiveness in … Vittorio Bertola
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Michael Thomas
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: coders in IETF (was: Diversity and Inclusiven… Christian Hopps
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [OAUTH-WG] We appear to still be litigating O… Bron Gondwana
- Re: coders in IETF (was: Diversity and Inclusiven… Christian Huitema
- Re: [Gendispatch] Diversity and Inclusiveness in … Jen Linkova
- Academia (Re: Diversity and Inclusiveness in the … Theresa Enghardt
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Dan Harkins
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Theresa Enghardt
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Christian Huitema
- Re: Diversity and Inclusiveness in the IETF S Moonesamy
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Fernando Gont
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Fernando Gont
- RE: [Gendispatch] Diversity and Inclusiveness in … Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF S Moonesamy
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Theresa Enghardt
- Re: [OAUTH-WG] We appear to still be litigating O… Warren Parad
- Re: [OAUTH-WG] We appear to still be litigating O… Seán Kelleher
- Re: [OAUTH-WG] We appear to still be litigating O… Seán Kelleher
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Lars Eggert
- RE: [Gendispatch] Diversity and Inclusiveness in … Andrew Campling
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Marc Petit-Huguenin
- document writing/editing tools used by IETF Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: Diversity and Inclusiveness in the IETF Brian E Carpenter
- Re: [Gendispatch] Diversity and Inclusiveness in … Marc Petit-Huguenin
- Re: [Gendispatch] Diversity and Inclusiveness in … Eric Rescorla
- Re: [Gendispatch] Diversity and Inclusiveness in … Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Brian E Carpenter
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Eric Rescorla
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Brian E Carpenter
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Keith Moore
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: document writing/editing tools used by IETF Joel M. Halpern
- RE: document writing/editing tools used by IETF Larry Masinter
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Keith Moore
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: Diversity and Inclusiveness in the IETF S Moonesamy
- RE: document writing/editing tools used by IETF Larry Masinter
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Lars Eggert
- Re: document writing/editing tools used by IETF Ladislav Lhotka
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Lars Eggert
- Re: document writing/editing tools used by IETF Julian Reschke
- Re: [Gendispatch] Diversity and Inclusiveness in … Lars Eggert
- Re: [Gendispatch] Diversity and Inclusiveness in … Lars Eggert
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Lars Eggert
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Colin Perkins
- Re: document writing/editing tools used by IETF Andrew McConachie
- Re: [Gendispatch] Diversity and Inclusiveness in … Vittorio Bertola
- Re: [Gendispatch] Diversity and Inclusiveness in … Bill Woodcock
- Re: document writing/editing tools used by IETF Behcet Sarikaya
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: [OAUTH-WG] We appear to still be litigating O… Justin Richer
- Re: document writing/editing tools used by IETF Ladislav Lhotka
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: [OAUTH-WG] We appear to still be litigating O… Tim Bray
- Re: [OAUTH-WG] We appear to still be litigating O… Aaron Parecki
- How to tell people... Was: We appear to still be … Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Keith Moore
- Re: How to tell people... Was: We appear to still… Keith Moore
- Re: document writing/editing tools used by IETF Julian Reschke
- Re: document writing/editing tools used by IETF Carsten Bormann
- RE: document writing/editing tools used by IETF STARK, BARBARA H
- Re: [OAUTH-WG] We appear to still be litigating O… Christian Huitema
- Re: [OAUTH-WG] We appear to still be litigating O… Michael Thomas
- Re: [OAUTH-WG] We appear to still be litigating O… David Waite
- Re: [OAUTH-WG] We appear to still be litigating O… Aaron Parecki
- Re: coders in IETF (was: Diversity and Inclusiven… Charles Eckel (eckelcu)
- Re: [OAUTH-WG] We appear to still be litigating O… Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF John Levine
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: document writing/editing tools used by IETF Michael Richardson
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: document writing/editing tools used by IETF Keith Moore
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: document writing/editing tools used by IETF Brian E Carpenter
- Re: How to tell people... Was: We appear to still… Michael Richardson
- Re: How to tell people... Was: We appear to still… Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF John Levine
- Re: document writing/editing tools used by IETF Keith Moore
- Re: document writing/editing tools used by IETF Michael Richardson
- Re: document writing/editing tools used by IETF Christian Huitema
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: [Gendispatch] Academia (Re: Diversity and Inc… John Wroclawski
- Re: document writing/editing tools used by IETF John Levine
- Re: [OAUTH-WG] We appear to still be litigating O… Bron Gondwana
- Re: [Gendispatch] Diversity and Inclusiveness in … Bron Gondwana
- HTML for email (was: Re: document writing/editing… Keith Moore
- Re: [OAUTH-WG] We appear to still be litigating O… Vittorio Bertola
- Re: HTML for email (was: Re: document writing/edi… Phillip Hallam-Baker
- Re: [OAUTH-WG] We appear to still be litigating O… Warren Parad
- Re: [OAUTH-WG] We appear to still be litigating O… Jeff Craig
- Re: document writing/editing tools used by IETF Behcet Sarikaya
- Re: HTML for email tom petch
- RE: HTML for email Larry Masinter
- Re: document writing/editing tools used by IETF Salz, Rich
- RE: document writing/editing tools used by IETF STARK, BARBARA H
- Re: HTML for email Keith Moore
- Re: HTML for email Benjamin Kaduk
- Re: HTML for email (was: Re: document writing/edi… Viktor Dukhovni
- Re: HTML for email Nico Williams
- Re: HTML for email Nico Williams
- Re: HTML for email Nico Williams
- Re: HTML for email Benjamin Kaduk
- Re: HTML for email Keith Moore
- Re: HTML for email Benjamin Kaduk
- Re: HTML for email Bron Gondwana
- Re: HTML for email John Levine
- RE: HTML for email Larry Masinter
- Re: HTML for email Brian E Carpenter
- Re: HTML for email Phillip Hallam-Baker
- Re: HTML for email tom petch
- Re: HTML for email tom petch
- Re: HTML for email ned+ietf
- Re: HTML for email Nick Hilliard
- Re: HTML for email Keith Moore
- Re: HTML for email ned+ietf
- Re: HTML for email tom petch
- Re: HTML for email Nick Hilliard
- Re: HTML for email Nico Williams
- Re: HTML for email tom petch
- Re: HTML for email Nico Williams
- Re: HTML for email Phillip Hallam-Baker
- Re: HTML for email Keith Moore
- RE: HTML for email Larry Masinter
- Re: HTML for email Phillip Hallam-Baker
- Re: HTML for email Keith Moore
- Re: HTML for email Phillip Hallam-Baker
- Re: HTML for email Keith Moore
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Phillip Hallam-Baker
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Wes Hardaker