Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-iss-auth-resp-03.txt
Roman Danyliw <rdd@cert.org> Thu, 18 November 2021 20:15 UTC
From: Roman Danyliw <rdd@cert.org>
To: Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de>, "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/6KLzE0F_-6vfsH-M9bJfEoCB7sQ>

Hi Karsten and Daniel!

Thanks for quick turn-around on the directorate and AD review feedback in the -03. I've advanced the document to IESG review -- hopefully on the December 2 telechat.

Regards,
Roman

> -----Original Message-----
> From: Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de>
> Sent: Thursday, November 18, 2021 3:07 PM
> To: oauth@ietf.org
> Cc: Roman Danyliw <rdd@cert.org>
> Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-iss-auth-resp-03.txt
>
> Hi all,
>
> Daniel and I published a new draft version for the iss parameter.
>
> Version 03 addresses the feedback from Roman's AD review, as well as most of
> the feedback from Julian Reschke's (artart) and Yoav Nir's
> (secdir) reviews.
>
> The only comment I could not address is this nit because I don't know how to
> write the links in markdown so that they are processed by xml2rfc correctly.
>
> > Section links to external documents do not appear to be marked up as
> > such (and use a trailing dot in the section number which they should
> > not)
>
> Best regards,
> Karsten
>
> On 18.11.2021 at 20:59, internet-drafts@ietf.org wrote:
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the Web Authorization Protocol WG of the IETF.
> >
> >     Title    : OAuth 2.0 Authorization Server Issuer Identification
> >     Authors  : Karsten Meyer zu Selhausen
> >                Daniel Fett
> >     Filename : draft-ietf-oauth-iss-auth-resp-03.txt
> >     Pages    : 11
> >     Date     : 2021-11-18
> >
> > Abstract:
> >    This document specifies a new parameter iss that is used to
> >    explicitly include the issuer identifier of the authorization server
> >    in the authorization response of an OAuth authorization flow. The
> >    iss parameter serves as an effective countermeasure to "mix-up
> >    attacks".
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/
> >
> > There is also an HTML version available at:
> > https://www.ietf.org/archive/id/draft-ietf-oauth-iss-auth-resp-03.html
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-iss-auth-resp-03
> >
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
>
> --
> Phone: (+49)(0)234 / 45930961
> Fax: (+49)(0)234 / 45930960
> Mail: karsten.meyerzuselhausen@hackmanit.de
> PGP: 0EDA AAC6 01DE 3D7F 2123 70F8 4535 C0E7 DB16 F148
> Web: www.hackmanit.de
>
> Hackmanit GmbH
> Universitätsstraße 150 (ID 2/469)
> 44801 Bochum, Germany
>
> Represented by: Prof. Dr. Jörg Schwenk, Dr. Juraj Somorovsky, Dr. Christian
> Mainka, Marcus Niemietz
> Register court: Bochum