Re: [OAUTH-WG] New Version Notification for draft-hunt-oauth-pop-architecture-00.txt

Phil Hunt <phil.hunt@oracle.com> Thu, 03 April 2014 16:41 UTC

Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50A521A0270 for <oauth@ietfa.amsl.com>; Thu, 3 Apr 2014 09:41:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pHvZ9KhYH-nC for <oauth@ietfa.amsl.com>; Thu, 3 Apr 2014 09:41:47 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by ietfa.amsl.com (Postfix) with ESMTP id 9D27F1A0264 for <oauth@ietf.org>; Thu, 3 Apr 2014 09:41:47 -0700 (PDT)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s33GfguN007567 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 3 Apr 2014 16:41:43 GMT
Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s33GffTX000121 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 3 Apr 2014 16:41:41 GMT
Received: from abhmp0013.oracle.com (abhmp0013.oracle.com [141.146.116.19]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s33GfeoT012936; Thu, 3 Apr 2014 16:41:40 GMT
Received: from [192.168.1.186] (/24.86.29.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 03 Apr 2014 09:41:40 -0700
Content-Type: multipart/alternative; boundary="Apple-Mail=_90A6F07B-ED41-4EDC-A37F-297F89E27D90"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <533D8E5F.8000600@redhat.com>
Date: Thu, 03 Apr 2014 09:41:39 -0700
Message-Id: <6BE94541-2DAA-4CDA-8478-E1BF99480629@oracle.com>
References: <20140403083747.31162.58961.idtracker@ietfa.amsl.com> <1396541184.357.YahooMailNeo@web125601.mail.ne1.yahoo.com> <533D8CA3.6070005@oracle.com> <533D8E5F.8000600@redhat.com>
To: Anil Saldhana <Anil.Saldhana@redhat.com>
X-Mailer: Apple Mail (2.1874)
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/3mMasAEViXX1PO65xc86fQlBXSk
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] New Version Notification for draft-hunt-oauth-pop-architecture-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Apr 2014 16:41:52 -0000

What was wrong with HOK?

Aside: Why was “the” so important in HOTK?

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com

On Apr 3, 2014, at 9:37 AM, Anil Saldhana <Anil.Saldhana@redhat.com> wrote:

> Prateek,
>   why not just use "proof"? 
> 
> draft-hunt-oauth-proof-architecture-00.txt
> 
> Is that allowed by IETF?
> 
> 
> Regards,
> Anil
> 
> On 04/03/2014 11:30 AM, Prateek Mishra wrote:
>> "key confirmed" or "key confirmation" is another term that is widely used for these use-cases
>>> I really *like* the name "proof of possession", but I think the acronym PoP is going to be confused with POP.  HOTK has the advantage of not being a homonym for aything else.  What about "Possession Proof"?
>>>  
>>> -bill
>>> 
>>> 
>>> --------------------------------
>>> William J. Mills
>>> "Paranoid" MUX Yahoo!
>>> 
>>> On Thursday, April 3, 2014 1:38 AM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:
>>> 
>>> A new version of I-D, draft-hunt-oauth-pop-architecture-00.txt
>>> has been successfully submitted by Hannes Tschofenig and posted to the
>>> IETF repository.
>>> 
>>> Name:        draft-hunt-oauth-pop-architecture
>>> Revision:    00
>>> Title:        OAuth 2.0 Proof-of-Possession (PoP) Security Architecture
>>> Document date:    2014-04-03
>>> Group:        Individual Submission
>>> Pages:        21
>>> URL:            http://www.ietf.org/internet-drafts/draft-hunt-oauth-pop-architecture-00.txt
>>> Status:        https://datatracker.ietf.org/doc/draft-hunt-oauth-pop-architecture/
>>> Htmlized:      http://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-00
>>> 
>>> 
>>> Abstract:
>>>   The OAuth 2.0 bearer token specification, as defined in RFC 6750,
>>>   allows any party in possession of a bearer token (a "bearer") to get
>>>   access to the associated resources (without demonstrating possession
>>>   of a cryptographic key).  To prevent misuse, bearer tokens must to be
>>>   protected from disclosure in transit and at rest.
>>> 
>>>   Some scenarios demand additional security protection whereby a client
>>>   needs to demonstrate possession of cryptographic keying material when
>>>   accessing a protected resource.  This document motivates the
>>>   development of the OAuth 2.0 proof-of-possession security mechanism.
>>> 
>>>                                                                                   
>>> 
>>> 
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at tools.ietf.org.
>>> 
>>> The IETF Secretariat
>>> 
>>> 
>  
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth