[OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-06.txt

Brian Campbell <bcampbell@pingidentity.com> Mon, 15 January 2018 23:49 UTC

In-Reply-To: <151605921276.11670.4403139653173193382@ietfa.amsl.com>
References: <151605921276.11670.4403139653173193382@ietfa.amsl.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 15 Jan 2018 16:48:31 -0700
Message-ID: <CA+k3eCRxFpt-sXqRnv4LKynBCn+adcGWkKOiBFwD7ki0zk4LDg@mail.gmail.com>
To: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/0WM8Tgop0XlD446Zd3v6Og8iIQk>
Subject: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-06.txt

I'm happy to announce that a new revision of the OAuth Mutual TLS draft has
been published (just a couple weeks later than expected). The changes,
which are listed below, are largely aimed at addressing comments/requests
from the WG meeting in Singapore.


   - Add an appendix section describing the relationship of this document
   to OAuth Token Binding as requested during the Singapore meeting
   - Add an explicit note that the implicit flow is not supported for
   obtaining certificate bound access tokens as discussed at the Singapore
   meeting https://datatracker.ietf.org/doc/minutes-100-oauth/
   - Add/incorporate text to the Security Considerations on Certificate
   Spoofing as suggested https://mailarchive.ietf.org/a
   - Changed the title to be more descriptive
   - Move the Security Considerations section to before the IANA
   - Elaborated on certificate bound access tokens a bit more in the
   - Update draft-ietf-oauth-discovery reference to -08

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Mon, Jan 15, 2018 at 4:33 PM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-06.txt
To: i-d-announce@ietf.org
Cc: oauth@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : OAuth 2.0 Mutual TLS Client Authentication and
Certificate Bound Access Tokens
        Authors         : Brian Campbell
                          John Bradley
                          Nat Sakimura
                          Torsten Lodderstedt
        Filename        : draft-ietf-oauth-mtls-06.txt
        Pages           : 20
        Date            : 2018-01-15

   This document describes Transport Layer Security (TLS) mutual
   authentication using X.509 certificates as a mechanism for OAuth
   client authentication to the authorization server as well as for
   certificate bound sender constrained access tokens as a method for a
   protected resource to ensure that an access token presented to it by
   a given client was issued to that client by the authorization server.

The IETF datatracker status page for this draft is:

There are also htmlized versions available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:

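The certificate-bound access token mechanism summarized in the draft abstract above, as an added example (not code from the draft or its authors): the authorization server records the SHA-256 thumbprint of the client's TLS certificate in the token's cnf claim (the x5t#S256 member defined by the draft), and the protected resource accepts the token only if that thumbprint matches the certificate presented on the current mutually authenticated TLS connection. The DER bytes, the issuer and the JWT signature check are assumed and stand-in values here.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the DER encoding of the client certificate seen on
# the mutually authenticated TLS connection. A real resource server takes
# these bytes from its TLS layer; this is not a real certificate.
CLIENT_CERT_DER = b"\x30\x82\x01\x0aconstructed-stand-in-for-client-cert-der"


def x5t_s256(cert_der: bytes) -> str:
    """Base64url-encoded (no padding) SHA-256 hash of the DER certificate,
    the thumbprint form carried in the token's cnf claim."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def issue_bound_token(claims: dict, cert_der: bytes) -> dict:
    """Authorization-server side: bind the token to the certificate the
    client presented during the token request. Returns the JWT payload;
    signing is assumed to happen elsewhere."""
    return {**claims, "cnf": {"x5t#S256": x5t_s256(cert_der)}}


def is_bound_to_cert(token_claims: dict, cert_der: bytes) -> bool:
    """Resource-server side check on an already signature-verified token.
    A token without a cnf thumbprint is rejected, i.e. this resource
    requires certificate-bound tokens; a mismatch (token replayed over a
    connection with a different client certificate) is rejected too."""
    cnf = token_claims.get("cnf")
    if not isinstance(cnf, dict):
        return False
    expected = cnf.get("x5t#S256")
    if not isinstance(expected, str) or not expected:
        return False
    # Constant-time comparison of the two thumbprints.
    return hmac.compare_digest(expected, x5t_s256(cert_der))


if __name__ == "__main__":
    token = issue_bound_token({"iss": "https://as.example", "sub": "client1"},
                              CLIENT_CERT_DER)
    print(is_bound_to_cert(token, CLIENT_CERT_DER))         # True
    print(is_bound_to_cert(token, b"some-other-cert-der"))  # False
```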
