Re: [OAUTH-WG] [IANA #1270467] expert review for draft-ietf-oauth-dpop (oauth-parameters)

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 13 April 2023 16:03 UTC

To: drafts-expert-review-comment@iana.org
Cc: oauth-ext-review@ietf.org, oauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/BV976_euq1ncEaPVP4dn9pYhWMg>

Hi Amanda,

Adding "DPoP" to the OAuth Access Token Types registry is fine as well.

Regarding the entries to the "OAuth Access Token Types" registry I have
a question: The location should be "resource access error response"
rather than "resource error response". If so, then the entries are OK
but the change needs to be made.

Regarding the "OAuth Parameters" registry: The registration of the
dpop_jkt parameter is OK as well.

Ciao
Hannes


On 13.04.2023 at 15:51, Amanda Baber via RT wrote:
> Hi Hannes,
>
> We received your JWT review. Thank you! Were you signing off on these as well?
>
> thanks,
> Amanda
>
> On Wed Apr 12 05:43:54 2023, amanda.baber wrote:
>> Hi Hannes,
>>
>> Can you check this one before Thursday? (We've also sent a separate
>> JWT request to you and John.)
>>
>> thanks,
>> Amanda
>>
>> On Mon Apr 10 20:07:14 2023, david.dong wrote:
>>> Dear Hannes,
>>>
>>> Hello. Have you had a chance to review these proposed registrations?
>>>
>>> The due date is Wednesday April 12th, 2023, as this document is on
>>> this week's IESG telechat agenda.
>>>
>>> Thank you very much for your time.
>>>
>>> Best regards,
>>>
>>> David Dong
>>> IANA Services Specialist
>>>
>>> On Thu Apr 06 15:14:01 2023, david.dong wrote:
>>>> Dear Hannes,
>>>>
>>>> As the designated expert for the OAuth Access Token Types, OAuth
>>>> Extensions Error and OAuth Parameters registries, can you review
>>>> the proposed registration in draft-ietf-oauth-dpop for us? Please see:
>>>>
>>>> https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
>>>>
>>>> The due date is Wednesday April 12th, 2023. This document is on
>>>> next week's IESG telechat agenda.
>>>>
>>>> -
>>>> First, in the OAuth Access Token Types registry:
>>>>
>>>> Name: DPoP
>>>> Additional Token Endpoint Response Parameters:
>>>> HTTP Authentication Scheme(s): DPoP
>>>> Change controller: IETF
>>>> Specification document(s): [ RFC-to-be ]
>>>>
>>>> Second, in the OAuth Extensions Error registry:
>>>>
>>>> Name: invalid_dpop_proof
>>>> Usage Location: token error response, resource error response
>>>> Protocol Extension: Demonstrating Proof of Possession (DPoP)
>>>> Change controller: IETF
>>>> Specification document(s): [ RFC-to-be ]
>>>>
>>>> Name: use_dpop_nonce
>>>> Usage Location: token error response, resource error response
>>>> Protocol Extension: Demonstrating Proof of Possession (DPoP)
>>>> Change controller: IETF
>>>> Specification document(s): [ RFC-to-be ]
>>>>
>>>> Third, in the OAuth Parameters registry:
>>>>
>>>> Name: dpop_jkt
>>>> Parameter Usage Location: authorization request
>>>> Change Controller: IETF
>>>> Reference: [ RFC-to-be; Section 10 ]
>>>> -
>>>>
>>>> If this registration is OK, when the IESG approves the document for
>>>> publication, we'll make the registration at:
>>>>
>>>> https://www.iana.org/assignments/oauth-parameters/
>>>>
>>>> With thanks,
>>>>
>>>> David Dong
>>>> IANA Services Specialist