Re: [OAUTH-WG] Call for adoption: OAuth Security Topics

Mike Jones <Michael.Jones@microsoft.com> Thu, 02 February 2017 19:19 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BFD012996B for <oauth@ietfa.amsl.com>; Thu, 2 Feb 2017 11:19:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Qyo6LV0EV78 for <oauth@ietfa.amsl.com>; Thu, 2 Feb 2017 11:19:45 -0800 (PST)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0118.outbound.protection.outlook.com [104.47.42.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7067812996F for <oauth@ietf.org>; Thu, 2 Feb 2017 11:19:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=n+1Z/Bmeid5O+WQ2kMbVCulhkSLIybKtu02dNS4Ts/E=; b=S1mD6o4tFhrapJ1DvwfOtEj+NJ+0EwnTk/n6MdrKRB2W9/TrC2NmeXM/1SSJsisLZvkWIdciaz3cR55aJJpl+T4SeZPHqJgrwbEBH++w1++ayIYDPKI4gPsCy0iPLr+X/tMSoKtJXvWVg+yk4j+ryhaZqtq/YCMueipkWMBOMt0=
Received: from BN3PR03MB2355.namprd03.prod.outlook.com (10.166.74.150) by BN3PR03MB2356.namprd03.prod.outlook.com (10.166.74.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Thu, 2 Feb 2017 19:19:41 +0000
Received: from BN3PR03MB2355.namprd03.prod.outlook.com ([10.166.74.150]) by BN3PR03MB2355.namprd03.prod.outlook.com ([10.166.74.150]) with mapi id 15.01.0874.021; Thu, 2 Feb 2017 19:19:41 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Call for adoption: OAuth Security Topics
Thread-Index: AQHSfSNm+gkY3I6zwESvWUrkZK3bfaFWGEbw
Date: Thu, 2 Feb 2017 19:19:41 +0000
Message-ID: <BN3PR03MB2355F1CD745E353717CE14EEF54C0@BN3PR03MB2355.namprd03.prod.outlook.com>
References: <ae7d8912-2a13-4d19-62b4-0b1d1106a555@gmx.net>
In-Reply-To: <ae7d8912-2a13-4d19-62b4-0b1d1106a555@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [2001:4898:80e8:4::36]
x-ms-office365-filtering-correlation-id: 9b139409-1bde-4550-e33a-08d44ba07079
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:BN3PR03MB2356;
x-microsoft-exchange-diagnostics: 1; BN3PR03MB2356; 7:fsvSriyvqJ/Rx/Dq4S7h6loa1FKApeEY/ZTLgQWGx7giz4Wv5HewIKqKct5/6LtVyuf/R+ZBJF98zZeBmH18ETvREGukzOU3UGZzfh/ASIpf++xMvmENELJD3vQLacJCGSPfzu/72BJVRnNC9rlTk0jhEA1nWg/DpsxvbV7p2BqzGZo1XisxVz/AbGn10aJQ6SB1yOi4J++LB4pvYSX8yWU17ZMeXjQEWPlXymdlIShAknqNEUuVriWu0PxNValQMPjOOFH2ZLZr113O9r7G0YOQO4NsEI4Jej940xpW1N+cBV15CKA8SfBA8FtbjpXldHdzycQUerEZbE7ahTNnDx5Al3nr3Vh2hjSdt+zVPDVjFKIEVDuguqXCwGuJyiP1MOeebWd+K5v81IhMqO4LJ3KdWzbIACjXbi0TMgCqupx9SYxGpcOJZamfJ4qNcmK3QHpeXO62FX14o4YYDxLDWHyHpGYz2hpNsVeDmMtrcLNcIEoRLxgeGfmah2mi0SikOGcGrgGia4etbxwzZz4gQg66ubuPpmTh3KLmv7sCYMI=
x-microsoft-antispam-prvs: <BN3PR03MB2356621272931E7F7F0BD20DF54C0@BN3PR03MB2356.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(61426038)(61427038)(6041248)(20161123555025)(20161123562025)(20161123560025)(20161123564025)(20161123558025)(6042181)(6072148); SRVR:BN3PR03MB2356; BCL:0; PCL:0; RULEID:; SRVR:BN3PR03MB2356;
x-forefront-prvs: 02065A9E77
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(7916002)(53754006)(13464003)(199003)(377454003)(189002)(6436002)(6506006)(7696004)(2501003)(7736002)(8676002)(8936002)(6116002)(305945005)(15650500001)(81156014)(81166006)(9686003)(25786008)(2900100001)(102836003)(3660700001)(55016002)(99286003)(6306002)(8990500004)(10290500002)(5660300001)(53936002)(5005710100001)(229853002)(92566002)(2950100002)(77096006)(38730400001)(10090500001)(68736007)(5001770100001)(122556002)(97736004)(189998001)(107886002)(86612001)(3280700002)(106116001)(33656002)(2906002)(76176999)(54356999)(106356001)(86362001)(74316002)(101416001)(50986999)(105586002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR03MB2356; H:BN3PR03MB2355.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Feb 2017 19:19:41.7887 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR03MB2356
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/BOWHRc7IQxhV_UiBF9w7EAhgz3g>
Subject: Re: [OAUTH-WG] Call for adoption: OAuth Security Topics
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2017 19:19:47 -0000

I support adoption.

				-- Mike

-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, February 1, 2017 11:10 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] Call for adoption: OAuth Security Topics

Hi all,

this is the call for adoption of the 'OAuth Security Topics' document following the positive call for adoption at the last IETF meeting in Seoul.

Here is the document:
https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00

The intention with this document is to have a place to collect discussions and conclusions around OAuth 2.0 security and to reference the actual solution specifications.

Please let us know by Feb 16th whether you accept / object to the adoption of this document as a starting point for work in the OAuth working group.

Ciao
Hannes & Derek