Re: [OAUTH-WG] Barry Leiba's Discuss on draft-ietf-oauth-spop-12: (with DISCUSS and COMMENT)

John Bradley <ve7jtb@ve7jtb.com> Thu, 18 June 2015 18:08 UTC

From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <5579EA2F.5020404@gmx.net>
Date: Thu, 18 Jun 2015 15:08:19 -0300
Message-Id: <506CD550-75C3-4354-8FCB-40C0921F2A81@ve7jtb.com>
References: <20150611184955.1618.38149.idtracker@ietfa.amsl.com> <5579DB31.30807@gmx.net> <CALaySJJKwOVAWHry41khzNg6fDpkW6No2QQsz5PG6amvnNHSaQ@mail.gmail.com> <CALaySJKQYkVjZPDr=4n-+JPdfH2o1DrHRP9c_kLAuJXLLW_ptA@mail.gmail.com> <5579EA2F.5020404@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/4tbqc8JUwyf-vYGz-ryfFVTBMM4>
Cc: draft-ietf-oauth-spop@ietf.org, oauth-chairs@ietf.org, draft-ietf-oauth-spop.shepherd@ietf.org, The IESG <iesg@ietf.org>, Barry Leiba <barryleiba@computer.org>, oauth WG <oauth@ietf.org>, draft-ietf-oauth-spop.ad@ietf.org
Subject: Re: [OAUTH-WG] Barry Leiba's Discuss on draft-ietf-oauth-spop-12: (with DISCUSS and COMMENT)

Just an FYI, the issue addressed in this draft hit the media this week as a result of this paper: https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view

The attack we have been discussing is in Section 3.4.

John B.
> On Jun 11, 2015, at 5:06 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> 
> Sounds good to me, Barry!
> 
> On 06/11/2015 09:10 PM, Barry Leiba wrote:
>>> Ah, got it.  Then it would be good for (4) to say that, maybe just by
>>> adding to the end, "This mechanism does not protect again the more
>>> sophisticated attack."  Sound OK?
>> That should be "against", of course, not "again".  I hate tupos.
>