[OAUTH-WG] Fwd: New Version Notification for draft-fett-oauth-dpop-03.txt
Brian Campbell <bcampbell@pingidentity.com> Thu, 31 October 2019 19:21 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/BWGfQcu6vEdJcQWSm9wAcCgnYO0>
Hello WG,

Just a quick note to let folks know that -03 of the DPoP draft was published earlier today. The usual various document links are in the forwarded message below and the relevant snippet from the doc history with a summary of the changes is included here for convenience.

Hopefully folks will have time to read the (relatively) short document before the meeting(s) in Singapore where (spoiler alert) I plan to ask that the WG consider adoption of the draft.

Thanks,

-03

o rework the text around uniqueness requirements on the jti claim in the DPoP proof JWT
o make tokens a bit smaller by using "htm", "htu", and "jkt" rather than "http_method", "http_uri", and "jkt#S256" respectively
o more explicit recommendation to use mTLS if that is available
o added David Waite as co-author
o editorial updates

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Thu, Oct 31, 2019 at 11:53 AM
Subject: New Version Notification for draft-fett-oauth-dpop-03.txt
To: Torsten Lodderstedt <torsten@lodderstedt.net>, Michael Jones <mbj@microsoft.com>, John Bradley <ve7jtb@ve7jtb.com>, Brian Campbell <bcampbell@pingidentity.com>, David Waite <david@alkaline-solutions.com>, Daniel Fett <mail@danielfett.de>

A new version of I-D, draft-fett-oauth-dpop-03.txt has been successfully submitted by Brian Campbell and posted to the IETF repository.

Name: draft-fett-oauth-dpop
Revision: 03
Title: OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)
Document date: 2019-10-30
Group: Individual Submission
Pages: 15
URL: https://www.ietf.org/internet-drafts/draft-fett-oauth-dpop-03.txt
Status: https://datatracker.ietf.org/doc/draft-fett-oauth-dpop/
Htmlized: https://tools.ietf.org/html/draft-fett-oauth-dpop-03
Htmlized: https://datatracker.ietf.org/doc/html/draft-fett-oauth-dpop
Diff: https://www.ietf.org/rfcdiff?url2=draft-fett-oauth-dpop-03

Abstract: This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

--
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._