Re: [OAUTH-WG] Publication has been requested for draft-ietf-oauth-device-flow-07

Justin Richer <jricher@mit.edu> Thu, 08 March 2018 18:20 UTC

From: Justin Richer <jricher@mit.edu>
Date: Thu, 8 Mar 2018 10:19:45 -0800
Cc: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, iesg-secretary@ietf.org, "<oauth@ietf.org>" <oauth@ietf.org>, oauth-chairs@ietf.org
To: William Denniss <wdenniss@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/11hDXL1XQ3bfNUSN23guS7c2G7E>
Subject: Re: [OAUTH-WG] Publication has been requested for draft-ietf-oauth-device-flow-07

+1

> On Mar 5, 2018, at 10:23 PM, William Denniss <wdenniss@google.com> wrote:
> 
> Thanks again for the feedback Scott. I've staged an update here: https://github.com/WilliamDenniss/draft-ietf-oauth-device-flow/pull/6
> 
> It expands on the brute force attack section to include some detail on this attack, as it is quite unique for OAuth brute-force attacks (since the victim actually ends up with the attacker's grant on the device, instead of the other way around – not that this is totally safe of course, it's just unique).  It also adds some further discussion around what factors need to be considered by authorization servers when creating the user code format.
> 
> I'll post this once my co-authors have reviewed, and the submission tool re-opens.
> 
> 
> On Fri, Jan 5, 2018 at 10:56 AM Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> wrote:
> Hi Scott,
> 
> Sorry, I missed that last discussion that you had with William.
> 
> 
> William,
> 
> Can you please update the document based on your last discussion with Scott?
> I will then update the request for publication to use the new updated version.
> 
> Regards,
>  Rifaat
> 
> 
> 
> On Fri, Jan 5, 2018 at 12:40 PM, Hollenbeck, Scott <shollenbeck@verisign.com> wrote:
> > -----Original Message-----
> > From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Rifaat Shekh-Yusef
> > Sent: Friday, January 05, 2018 12:30 PM
> > To: ekr@rtfm.com
> > Cc: oauth@ietf.org; iesg-secretary@ietf.org; oauth-chairs@ietf.org
> > Subject: [EXTERNAL] [OAUTH-WG] Publication has been requested for draft-ietf-oauth-device-flow-07
> >
> > Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-device-flow-07 as Proposed Standard on behalf of the OAUTH working group.
> >
> > Please verify the document's state at
> > https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/
> 
> The document really should be updated to reflect the last call discussions prior to requesting publication for the -07 version that needs to be updated.
> 
> Scott
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth