[OAUTH-WG] Fwd: New Version Notification for draft-barnes-oauth-pika-01.txt
Richard Barnes <rlb@ipv.sx> Mon, 08 July 2024 22:35 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/56qMeF-hYI1wc0J_e7kI8Mhnat8>
Hi OAuth folks,

Thanks to everyone for the discussion on the adoption thread for this draft. This revision is mostly unchanged, except that we added a few notes about risks related to compromise of web servers that hold certificates that could be used to issue PIKAs.

--Richard

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Mon, Jul 8, 2024 at 6:32 PM
Subject: New Version Notification for draft-barnes-oauth-pika-01.txt
To: Richard L. Barnes <rlb@ipv.sx>, Sharon Goldberg <goldbe@bastionzero.com>

A new version of Internet-Draft draft-barnes-oauth-pika-01.txt has been successfully submitted by Richard Barnes and posted to the IETF repository.

Name: draft-barnes-oauth-pika
Revision: 01
Title: Proof of Issuer Key Authority (PIKA)
Date: 2024-07-08
Group: Individual Submission
Pages: 11
URL: https://www.ietf.org/archive/id/draft-barnes-oauth-pika-01.txt
Status: https://datatracker.ietf.org/doc/draft-barnes-oauth-pika/
HTML: https://www.ietf.org/archive/id/draft-barnes-oauth-pika-01.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-barnes-oauth-pika
Diff: https://author-tools.ietf.org/iddiff?url2=draft-barnes-oauth-pika-01

Abstract:

A relying party verifying a JSON Web Token (JWT) needs to verify that the public key used to verify the signature legitimately represents the issuer represented in the "iss" claim of the JWT. Today, relying parties commonly use the "iss" claim to fetch a set of authorized signing keys over HTTPS, relying on the security of HTTPS to establish the authority of the downloaded keys for that issuer. The ephemerality of this proof of authority makes it unsuitable for use cases where a JWT might need to be verified for some time. In this document, we define a format for Proofs of Issuer Key Authority, which establish the authority of a key using a signed object instead of an HTTPS connection.

The IETF Secretariat