Re: [OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-dpop-03.txt

Mike Jones <Michael.Jones@microsoft.com> Fri, 09 April 2021 03:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/89gztdryL32w2rg4Svi6_OnRXRw>

I had expected that we would use the existing member name “at_hash” for the access token hash value, rather than the new name “ath”, since there’s already precedent for using it.  Could we change to the standard name for this when we publish the next version?

                                                          Thanks,
                                                          -- Mike

From: OAuth <oauth-bounces@ietf.org> On Behalf Of Brian Campbell
Sent: Wednesday, April 7, 2021 1:30 PM
To: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-dpop-03.txt

A new revision of DPoP has been published. The doc history snippet is copied below. The main change here is the addition of an access token hash claim.

   -03

   *  Add an access token hash ("ath") claim to the DPoP proof when used
      in conjunction with the presentation of an access token for
      protected resource access

   *  add Untrusted Code in the Client Context section to security
      considerations

   *  Editorial updates and fixes

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Wed, Apr 7, 2021 at 2:16 PM
Subject: New Version Notification for draft-ietf-oauth-dpop-03.txt


A new version of I-D, draft-ietf-oauth-dpop-03.txt
has been successfully submitted by Brian Campbell and posted to the
IETF repository.

Name:           draft-ietf-oauth-dpop
Revision:       03
Title:          OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)
Document date:  2021-04-07
Group:          oauth
Pages:          32
URL:            https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-03.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
Html:           https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-03.html
Htmlized:       https://tools.ietf.org/html/draft-ietf-oauth-dpop-03
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dpop-03

Abstract:
   This document describes a mechanism for sender-constraining OAuth 2.0
   tokens via a proof-of-possession mechanism on the application level.
   This mechanism allows for the detection of replay attacks with access
   and refresh tokens.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
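The -03 change log in Brian's forwarded message above adds an access token hash ("ath") claim to the DPoP proof so that a proof presented with an access token is bound to that specific token, which is what lets a resource server detect a proof replayed with a different token. The following Python is an added example, not code from the draft, its authors, or this thread; the draft text is not quoted on this page, and the example assumes the draft's definition of `ath` as the base64url-encoded SHA-256 hash of the ASCII access token value, alongside the `jti`, `htm`, `htu` and `iat` claims from earlier DPoP drafts. The token strings, URL, `jti` values and the function names are constructed for illustration, and JWS signature verification against the proof's `jwk` header is assumed to happen before these claim checks.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample values; these are not real tokens.
SAMPLE_ACCESS_TOKEN = "Kz~8mXK1EalYznwH-LC-1fBAo.4Ljp~zsPE_NeO.gxU"
OTHER_ACCESS_TOKEN = "a_different_token_value_for_the_same_client"
RESOURCE_URI = "https://resource.example.com/protected"  # constructed


def b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWT/JOSE values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def compute_ath(access_token: str) -> str:
    """ath = base64url(SHA-256(ASCII(access_token))), per the -03 draft (assumed)."""
    return b64url(hashlib.sha256(access_token.encode("ascii")).digest())


def build_proof_claims(method: str, uri: str, access_token: str, jti: str, now=None) -> dict:
    """Claim set of a DPoP proof sent with an access token to a resource server.

    Signing with the client's private key (public part in the JOSE 'jwk'
    header) is assumed to happen elsewhere; this function covers the claims only.
    """
    return {
        "jti": jti,
        "htm": method,
        "htu": uri,
        "iat": int(now if now is not None else time.time()),
        "ath": compute_ath(access_token),
    }


class ProofRejected(Exception):
    """Raised by the resource server when a proof fails a claim check."""


def verify_proof_claims(claims: dict, method: str, uri: str, presented_token: str,
                        seen_jti: set, now=None, max_age: int = 300) -> bool:
    """Resource-server checks on a proof whose JWS signature already verified.

    seen_jti is the server's replay cache of proof identifiers; a proof whose
    jti was already accepted is rejected even if every other claim is valid.
    """
    now = now if now is not None else time.time()
    for name in ("jti", "htm", "htu", "iat", "ath"):
        if name not in claims:
            raise ProofRejected(f"missing claim {name}")
    # The proof must name this request: same HTTP method and target URI.
    if claims["htm"] != method or claims["htu"] != uri:
        raise ProofRejected("proof is bound to a different request")
    # Bounded freshness window: too old is stale, too far ahead is clock skew or forgery.
    if not (now - max_age <= claims["iat"] <= now + 30):
        raise ProofRejected("proof iat outside acceptable window")
    # The -03 addition: the proof must hash to the token actually presented.
    if not hmac.compare_digest(claims["ath"], compute_ath(presented_token)):
        raise ProofRejected("proof is not bound to the presented access token")
    # Replay detection: each jti is accepted once.
    if claims["jti"] in seen_jti:
        raise ProofRejected("proof jti already seen (replay)")
    seen_jti.add(claims["jti"])
    return True


def demo() -> dict:
    """Run the binding, replay and token-swap cases; returns the outcome of each."""
    seen = set()
    claims = build_proof_claims("GET", RESOURCE_URI, SAMPLE_ACCESS_TOKEN, "constructed-jti-1", now=1000)
    out = {"first_use": verify_proof_claims(claims, "GET", RESOURCE_URI, SAMPLE_ACCESS_TOKEN, seen, now=1005)}
    for label, token in (("replay", SAMPLE_ACCESS_TOKEN), ("token_swap", OTHER_ACCESS_TOKEN)):
        try:
            verify_proof_claims(claims, "GET", RESOURCE_URI, token, seen, now=1005)
            out[label] = "accepted"
        except ProofRejected as exc:
            out[label] = str(exc)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The token-swap case is the one the new claim addresses: without `ath`, a proof captured alongside one access token would satisfy every other check when presented with a different token for the same client key, and the server would have no way to tell the two requests apart.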

