[OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-06.txt
Brian Campbell <bcampbell@pingidentity.com> Mon, 15 January 2018 23:49 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F68F12ECC0 for <oauth@ietfa.amsl.com>; Mon, 15 Jan 2018 15:49:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.439
X-Spam-Level:
X-Spam-Status: No, score=-2.439 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DKDYe6zeYh6z for <oauth@ietfa.amsl.com>; Mon, 15 Jan 2018 15:49:03 -0800 (PST)
Received: from mail-io0-x22b.google.com (mail-io0-x22b.google.com [IPv6:2607:f8b0:4001:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 616D012ECBD for <oauth@ietf.org>; Mon, 15 Jan 2018 15:49:03 -0800 (PST)
Received: by mail-io0-x22b.google.com with SMTP id p188so2083968ioe.12 for <oauth@ietf.org>; Mon, 15 Jan 2018 15:49:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=GTUrNdJOkIL4YEMSnl6Yk8ce2053h9PbpJN1TJZDbzI=; b=ZoQD/uX4Tp52P2svAMQpnl3QHN34yPcbUHCCJqO+8nzq0aV+IG5UrbSfXPTvb8LuyX Y420JrWcyG5CY1MUGxUTTO5/rX2pAH9A8MDOHbhtuAbrjTTcgbT1P/oBfun6tOPrQQAF HrRTyuLISok89obAnsdkfNcA0EdOCefiQYaYw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=GTUrNdJOkIL4YEMSnl6Yk8ce2053h9PbpJN1TJZDbzI=; b=KfKPCFrmSmqLFY4wUGMy+SbAV3UJBASfW9lVY+fvkbfwMOzVOLKVVdowEBmiXjpEnF NNUMbpBvkMU6jqv4asFVmlpp98hnOC9mCreS+jlBngb+ZnyIyVBxH8JWhcNeUyfq8paV HbsQJM4dcBozPxEOxsApwx4pm0kCYRBYP1gcQafTfDtXdDpgLRyQmzziyttkW9yKQlnZ w7OuwVRefDXTbAqVL5Quh2YAKuMUj7V3B/v9+3TN9UnnikyjXygHClp5E1tl0IKv7zxq 4kJl4FBd7z8YSgG1etE2vIHZnFONoRO23wy1skMchbYbi7rcWMg91mI0SffXsVZXdIX2 LR4A==
X-Gm-Message-State: AKwxytdnp/rG1gDMmGzzdndVZ0imDLKfBDoS8WI5RFBhaiSy6IGFy09W 8oqxug5IqbpRlmiMVKNKy3AsavcsAkZpIna/y95LUDnQd2Gl7Hjv0D5U32MGHS1Tx2vIf+dqAmu lgI/BrnjIIlP1k9xm
X-Google-Smtp-Source: ACJfBosqDihI2SXEhoYmoIPOYPVWBmpC+1sUHTo7+8JN63uNG8y9I3xt/aGxsjCWarbOBM+/bvWJrShVe1bDa1O9seg=
X-Received: by 10.107.180.70 with SMTP id d67mr16620324iof.73.1516060142332; Mon, 15 Jan 2018 15:49:02 -0800 (PST)
MIME-Version: 1.0
Received: by 10.2.30.193 with HTTP; Mon, 15 Jan 2018 15:48:31 -0800 (PST)
In-Reply-To: <151605921276.11670.4403139653173193382@ietfa.amsl.com>
References: <151605921276.11670.4403139653173193382@ietfa.amsl.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 15 Jan 2018 16:48:31 -0700
Message-ID: <CA+k3eCRxFpt-sXqRnv4LKynBCn+adcGWkKOiBFwD7ki0zk4LDg@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c06b7843e0a3e0562d94294"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/0WM8Tgop0XlD446Zd3v6Og8iIQk>
Subject: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-06.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jan 2018 23:49:06 -0000
I'm happy to announce that a new revision of the OAuth Mutual TLS draft has been published (just a couple weeks later than expected). The changes, which are listed below, are largely aimed at addressing comments/requests from the WG meeting in Singapore. draft-ietf-oauth-mtls-06 - Add an appendix section describing the relationship of this document to OAuth Token Binding as requested during the the Singapore meeting https://datatracker.ietf.org/doc/minutes-100-oauth/ <https://datatracker.ietf.org/doc/minutes-100-oauth/> - Add an explicit note that the implicit flow is not supported for obtaining certificate bound access tokens as discussed at the Singapore meeting https://datatracker.ietf.org/doc/minutes-100-oauth/ - Add/incorporate text to the Security Considerations on Certificate Spoofing as suggested https://mailarchive.ietf.org/a rch/msg/oauth/V26070X-6OtbVSeUz_7W2k94vCo <https://mailarchive.ietf.org/arch/msg/oauth/V26070X-6OtbVSeUz_7W2k94vCo> - Changed the title to be more descriptive - Move the Security Considerations section to before the IANA Considerations - Elaborated on certificate bound access tokens a bit more in the Abstract - Update draft-ietf-oauth-discovery reference to -08 ---------- Forwarded message ---------- From: <internet-drafts@ietf.org> Date: Mon, Jan 15, 2018 at 4:33 PM Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-06.txt To: i-d-announce@ietf.org Cc: oauth@ietf.org A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF. Title : OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens Authors : Brian Campbell John Bradley Nat Sakimura Torsten Lodderstedt Filename : draft-ietf-oauth-mtls-06.txt Pages : 20 Date : 2018-01-15 Abstract: This document describes Transport Layer Security (TLS) mutual authentication using X.509 certificates as a mechanism for OAuth client authentication to the authorization sever as well as for certificate bound sender constrained access tokens as a method for a protected resource to ensure that an access token presented to it by a given client was issued to that client by the authorization server. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-oauth-mtls-06 https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-06 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth -- *CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.*
- [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-06.t… internet-drafts
- [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls… Brian Campbell