[OAUTH-WG] TLS question from token revocation draft iesg evaluation
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 02 June 2013 19:53 UTC

Hiya,

This draft has a couple of minor changes needed as a result of IESG review (see [1]) but one question came up that I wanted to bring back to the WG to see what you think. Any good answer should be fine btw, this isn't a case of the insisting on stuff.

The question is whether the WG think that the situation related to the mandatory-to-implement TLS version has changed since that was last discussed a couple of years ago. There have been changes in the implementation status of TLS1.2 since then, mainly driven by the discovery of weaknesses with some deployment choices for TLS1.0.

So - should we stick with the TLS1.0 as MTI and TLS1.2 as a SHOULD implement or can we now safely bump up to TLS1.2 as MTI?

And since it's been a source of confusion here before, we're discussing what's mandatory to *implement* not what's mandatory to *use*.

Thanks,
S.

PS: the other changes are mechanical so don't need to take up WG time but feel free to comment to the list, chairs, authors, me, ... whatever.

[1] https://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/ballot/