Re: [OAUTH-WG] little nit on draft-ietf-oauth-security-topics-13 wrt ietf-oauth-mtls

Daniel Fett <danielf+oauth@yes.com> Tue, 23 July 2019 11:19 UTC

To: oauth@ietf.org
References: <CA+k3eCRkBZ8ehLLBrc4fXhQec=jXb6KLqstN2b-N4r9yuVqA9w@mail.gmail.com>
From: Daniel Fett <danielf+oauth@yes.com>
Message-ID: <095d6849-38c4-6f02-2a1a-4c16255c498c@yes.com>
Date: Tue, 23 Jul 2019 13:19:25 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/446FFzg_5jtS9uBEJv7JA9nvUeI>

Thanks Brian, I committed a fix for this.

-Daniel

Am 22.07.19 um 20:36 schrieb Brian Campbell:
> The description of I-D.ietf-oauth-mtls in
> https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-4.8.1.2
> talks about binding to and checking against the fingerprint of the
> public key from the client certificate. However,
> https://tools.ietf.org/html/draft-ietf-oauth-mtls-15 uses a hash of
> the whole certificate rather than of just the public key.
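The distinction Brian raises, as an added example by the editor (not code from either draft or from either author): draft-ietf-oauth-mtls defines the `x5t#S256` confirmation value as the base64url-encoded SHA-256 hash of the DER encoding of the whole client certificate, so a resource server that computed a fingerprint over the public key alone, as the security-topics wording suggested, would never match a certificate-bound token. The byte strings below are constructed placeholders standing in for DER certificates (they are not valid X.509); only the hashing and comparison logic is the point.

```python
import base64
import hashlib
import hmac


def x5t_s256(cert_der: bytes) -> str:
    """Certificate thumbprint as defined by draft-ietf-oauth-mtls:
    base64url encoding, without padding, of the SHA-256 digest of the DER
    encoding of the complete X.509 certificate (not just its public key)."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def key_only_thumbprint(spki_der: bytes) -> str:
    """What 'fingerprint of the public key from the client certificate' would
    suggest: a hash over only the SubjectPublicKeyInfo. A resource server that
    checks this against an x5t#S256 value will never see a match."""
    digest = hashlib.sha256(spki_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def bind_token(claims: dict, client_cert_der: bytes) -> dict:
    """Authorization server side: bind a token to the certificate the client
    presented on the mTLS connection by adding the cnf / x5t#S256 claim."""
    bound = dict(claims)
    bound["cnf"] = {"x5t#S256": x5t_s256(client_cert_der)}
    return bound


def verify_binding(token_claims: dict, presented_cert_der: bytes) -> bool:
    """Resource server side: accept the token only if the certificate presented
    on this TLS connection has the thumbprint recorded in the token's cnf claim.
    Tokens without a usable binding yield False rather than an exception."""
    cnf = token_claims.get("cnf")
    if not isinstance(cnf, dict):
        return False
    expected = cnf.get("x5t#S256")
    if not isinstance(expected, str):
        return False
    actual = x5t_s256(presented_cert_der)
    # Constant-time comparison: 'expected' comes from the token, 'actual' from
    # the TLS layer; a plain == would leak match length via timing.
    return hmac.compare_digest(expected.encode("utf-8"), actual.encode("utf-8"))


# Constructed placeholder bytes (NOT valid X.509). The only property that
# matters for the demonstration is that the "SubjectPublicKeyInfo" bytes sit
# inside the "certificate" bytes, so hashing the key alone and hashing the
# whole certificate produce different values.
CLIENT_SPKI_DER = b"\x30\x2a<constructed-subjectPublicKeyInfo-bytes>"
CLIENT_CERT_DER = (
    b"\x30\x82\x01\x00<constructed-tbsCertificate-prefix>"
    + CLIENT_SPKI_DER
    + b"<constructed-signatureAlgorithm-and-signature>"
)
OTHER_CERT_DER = b"\x30\x82\x01\x00<a-different-constructed-client-certificate>"


if __name__ == "__main__":
    token = bind_token({"iss": "https://as.example", "sub": "client-1"}, CLIENT_CERT_DER)
    print("cnf claim:", token["cnf"])
    print("same certificate presented:", verify_binding(token, CLIENT_CERT_DER))   # True
    print("other certificate presented:", verify_binding(token, OTHER_CERT_DER))   # False
    print("key-only fingerprint equals x5t#S256:",
          key_only_thumbprint(CLIENT_SPKI_DER) == token["cnf"]["x5t#S256"])        # False
```

In a real deployment `presented_cert_der` is the DER of the leaf certificate taken from the TLS connection (for example via `ssl.SSLSocket.getpeercert(binary_form=True)` in Python), and the `cnf` claim comes from the validated JWT or from token introspection; the comparison logic is unchanged.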