[OAUTH-WG] I-D ACTION:draft-ietf-oauth-spop-15.txt

Internet-Drafts@ietf.org Fri, 10 July 2015 15:32 UTC

Return-Path: <Internet-Drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42B371B29B5; Fri, 10 Jul 2015 08:32:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_TVD_MIME_NO_HEADERS=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yVA5W4JUdFQq; Fri, 10 Jul 2015 08:32:39 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C49901A9248; Fri, 10 Jul 2015 08:32:36 -0700 (PDT)
MIME-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
From: Internet-Drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.4.p3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150710153236.25916.45262.idtracker@ietfa.amsl.com>
Date: Fri, 10 Jul 2015 08:32:36 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/86RVmrGdO097kb44DSiJlyTFawo>
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D ACTION:draft-ietf-oauth-spop-15.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jul 2015 15:32:40 -0000

A new Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

    Title         : Proof Key for Code Exchange by OAuth Public Clients
    Author(s)     : N. Sakimura, et al
    Filename      : draft-ietf-oauth-spop
    Pages         : 21 
    Date          : 2015-07-10 
    
   OAuth 2.0 public clients utilizing the Authorization Code Grant are
   susceptible to the authorization code interception attack.  This
   specification describes the attack as well as a technique to mitigate
   against the threat through the use of Proof Key for Code Exchange
   (PKCE, pronounced &quot;pixy&quot;).


A URL for this Internet-Draft is:
https://www.ietf.org/internet-drafts/draft-ietf-oauth-spop-15.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-spop"><ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-spop>