Re: [OAUTH-WG] OAuth services/libraries wanted for security evaluation...

Filip Skokan <panva.ip@gmail.com> Mon, 22 June 2020 15:24 UTC

From: Filip Skokan <panva.ip@gmail.com>
Date: Mon, 22 Jun 2020 17:24:46 +0200
Message-Id: <33E98F20-6AF6-4A4D-A626-B9C4DA7C64C9@gmail.com>
References: <1592833863766.52147@kuleuven.be>
Cc: "oauth@ietf.org" <oauth@ietf.org>
In-Reply-To: <1592833863766.52147@kuleuven.be>
To: Pieter Philippaerts <pieter.philippaerts@kuleuven.be>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/-w0U96AZ-SjQYnE-IbyQ2Z-KaTQ>
Subject: Re: [OAUTH-WG] OAuth services/libraries wanted for security evaluation...

Hello Pieter, 

I’m interested for my open source project. 

Filip

Sent from my iPhone

> On 22 June 2020 at 15:51, Pieter Philippaerts <pieter.philippaerts@kuleuven.be> wrote:
> 
> 
> Hello everyone,
> 
> As part of a research project, I've created a test suite to test OAuth 2.0 implementations and measure how well they implement the various MAY/SHOULD/MUST security recommendations in the OAuth standards. (It also includes test cases for the OIDC and FAPI RO/RW recommendations.) The tool is practically finished and will be made available to the public in a few months.
> 
> I'm currently working on a security analysis of the OAuth2 ecosystem (i.e. I'm using the tool to test various OAuth/OIDC implementations) and I'm still looking for more candidates to test. If you are the author of an OAuth library or if you are running an OAuth service, feel free to contact me to get involved. Apart from my gratitude, I can offer you a free security audit of your product :-)
> 
> Regards,
> Pieter