Re: [OAUTH-WG] New Version Notification for draft-sakimura-oauth-tcse-00.txt
Nat Sakimura <sakimura@gmail.com> Tue, 30 July 2013 15:36 UTC
To: oauth <oauth@ietf.org>
Hi.

I had to fix a few issues with the previous draft text.
No normative changes, but just removed some extra text.

Nat

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: 2013/7/31
Subject: New Version Notification for draft-sakimura-oauth-tcse-01.txt
To: Nat Sakimura <sakimura@gmail.com>, John Bradley <jbradley@pingidentity.com>, Naveen Agarwal <naa@google.com>

A new version of I-D, draft-sakimura-oauth-tcse-01.txt
has been successfully submitted by Nat Sakimura and posted to the
IETF repository.

Filename:        draft-sakimura-oauth-tcse
Revision:        01
Title:           OAuth Transient Client Secret Extension for Public Clients
Creation date:   2013-07-30
Group:           Individual Submission
Number of pages: 7
URL:             http://www.ietf.org/internet-drafts/draft-sakimura-oauth-tcse-01.txt
Status:          http://datatracker.ietf.org/doc/draft-sakimura-oauth-tcse
Htmlized:        http://tools.ietf.org/html/draft-sakimura-oauth-tcse-01
Diff:            http://www.ietf.org/rfcdiff?url2=draft-sakimura-oauth-tcse-01

Abstract:
   The OAuth 2.0 public client utilizing authorization code grant is
   susceptible to the code interception attack. This specification
   describes a mechanism that acts as a control against this threat.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en

2013/7/30 Nat Sakimura <sakimura@gmail.com>

> As some of you know, passing the authorization code securely to a native
> app on iOS platform is next to impossible. Malicious application may
> register the same custom scheme as the victim application and hope to
> obtain the code, whose success rate is rather high.
>
> We have discussed about it during the OpenID Connect Meeting at IETF 87 on
> Sunday, and over a lengthy thread on the OpenID AB/Connect work group list.
> I have captured the discussion in the form of I-D. It is pretty short and
> hopefully easy to read.
>
> IMHO, although it came up as an issue in OpenID Connect, this is a quite
> useful extension to OAuth 2.0 in general.
>
> Best,
>
> Nat Sakimura
>
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: 2013/7/30
> Subject: New Version Notification for draft-sakimura-oauth-tcse-00.txt
> To: Nat Sakimura <sakimura@gmail.com>, John Bradley <jbradley@pingidentity.com>, Naveen Agarwal <naa@google.com>
>
> A new version of I-D, draft-sakimura-oauth-tcse-00.txt
> has been successfully submitted by Nat Sakimura and posted to the
> IETF repository.
>
> Filename:        draft-sakimura-oauth-tcse
> Revision:        00
> Title:           OAuth Transient Client Secret Extension for Public Clients
> Creation date:   2013-07-29
> Group:           Individual Submission
> Number of pages: 7
> URL:             http://www.ietf.org/internet-drafts/draft-sakimura-oauth-tcse-00.txt
> Status:          http://datatracker.ietf.org/doc/draft-sakimura-oauth-tcse
> Htmlized:        http://tools.ietf.org/html/draft-sakimura-oauth-tcse-00
>
> Abstract:
>    The OAuth 2.0 public client utilizing code flow is susceptible to the
>    code interception attack. This specification describes a mechanism
>    that acts as a control against this threat.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en

--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en