Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Security: OAuth Open Redirector
George Fletcher <gffletch@aol.com> Thu, 21 January 2016 18:34 UTC
Return-Path: <gffletch@aol.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 423E81A8999 for <oauth@ietfa.amsl.com>; Thu, 21 Jan 2016 10:34:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZrHPToC6ImJ6 for <oauth@ietfa.amsl.com>; Thu, 21 Jan 2016 10:34:40 -0800 (PST)
Received: from omr-m014e.mx.aol.com (omr-m014e.mx.aol.com [204.29.186.13]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05DD71A8986 for <oauth@ietf.org>; Thu, 21 Jan 2016 10:34:40 -0800 (PST)
Received: from mtaout-aag02.mx.aol.com (mtaout-aag02.mx.aol.com [172.26.126.78]) by omr-m014e.mx.aol.com (Outbound Mail Relay) with ESMTP id 3D3B538000BE; Thu, 21 Jan 2016 13:34:39 -0500 (EST)
Received: from [10.172.102.124] (unknown [10.172.102.124]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mtaout-aag02.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id B1A9138000096; Thu, 21 Jan 2016 13:34:38 -0500 (EST)
To: John Bradley <ve7jtb@ve7jtb.com>
References: <569E2260.4080904@gmx.net> <CAAP42hCmVB0QzAqFaFa68j1FbjSgZ-xSWw+CHT+fa_EsL2W22w@mail.gmail.com> <B1D935B9-0716-4F68-8C6A-9538CEF021F3@ve7jtb.com> <CABzCy2AZ3ZNhgNxD8pZysvd6zHVhSte7m2+=HjPRxsO4WQW5dA@mail.gmail.com> <28F1D605-CE87-4E74-8037-740EEB6129C7@ve7jtb.com> <CA+k3eCR2B8SGKRzat5Co3L_47ydXgRnAnCJE3k62jE9GnJrMPQ@mail.gmail.com>
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
Message-ID: <56A124BC.9050106@aol.com>
Date: Thu, 21 Jan 2016 13:34:36 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <CA+k3eCR2B8SGKRzat5Co3L_47ydXgRnAnCJE3k62jE9GnJrMPQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------040802050801030301060207"
x-aol-global-disposition: G
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com; s=20150623; t=1453401279; bh=GHH4SWIDqVHsbnj68aJ5+PusBUHhGRdi+H6mFYqllLM=; h=From:To:Subject:Message-ID:Date:MIME-Version:Content-Type; b=zzcwGCXAVOhOZGMbJXaupSfUU9/HQh008FcNoUNKptjNIkT6HwfO9hBJhrPVZfT9d kmMbtP/fyrFsvPHNMYIwuCUrYXLGx/axC3cq0wIrS8hpPU/JBIj9gpxK0rtIt7w/H8 KxDP76dtBO/pyZ+VUBXJKW+U+O0vRbQG0awzP2Mw=
x-aol-sid: 3039ac1a7e4e56a124be73da
X-AOL-IP: 10.172.102.124
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/Bd8qXSn6rcHoKLK9GUUivAk_O6w>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Security: OAuth Open Redirector
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2016 18:34:42 -0000
+1 On 1/21/16 12:34 PM, Brian Campbell wrote: > +1 > > On Thu, Jan 21, 2016 at 7:48 AM, John Bradley <ve7jtb@ve7jtb.com > <mailto:ve7jtb@ve7jtb.com>> wrote: > > Yes we did discuss changing the title as part of adopting it. > >> On Jan 21, 2016, at 11:28 AM, Nat Sakimura <sakimura@gmail.com >> <mailto:sakimura@gmail.com>> wrote: >> >> +1 apart from the title... It sounds like the spec is >> implementing OAuth Open Redirector... >> Something like "preventing OAuth open redirector" or so might be >> more descriptive. >> >> Nat >> >> 2016年1月21日(木) 23:08 John Bradley <ve7jtb@ve7jtb.com >> <mailto:ve7jtb@ve7jtb.com>>: >> >> +1 for adoption >> >>> On Jan 21, 2016, at 3:18 AM, William Denniss >>> <wdenniss@google.com <mailto:wdenniss@google.com>> wrote: >>> >>> +1 for adoption. >>> >>> On Tue, Jan 19, 2016 at 7:47 PM, Hannes Tschofenig >>> <hannes.tschofenig@gmx.net >>> <mailto:hannes.tschofenig@gmx.net>> wrote: >>> >>> Hi all, >>> >>> this is the call for adoption of OAuth 2.0 Security: >>> OAuth Open >>> Redirector, see >>> https://tools.ietf.org/html/draft-bradley-oauth-open-redirector-02 >>> >>> Please let us know by Feb 2nd whether you accept / >>> object to the >>> adoption of this document as a starting point for work >>> in the OAuth >>> working group. >>> >>> Note: At the IETF Yokohama we asked for generic feedback >>> about doing >>> security work in the OAuth working group and there was >>> very positive >>> feedback. However, for the adoption call we need to ask >>> for individual >>> documents. Hence, you need to state your view again. >>> >>> Ciao >>> Hannes & Derek >>> >>> >>> >>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org <mailto:OAuth@ietf.org> >>> https://www.ietf.org/mailman/listinfo/oauth >>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org <mailto:OAuth@ietf.org> >>> https://www.ietf.org/mailman/listinfo/oauth >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org <mailto:OAuth@ietf.org> >> https://www.ietf.org/mailman/listinfo/oauth >> > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org <mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth -- Chief Architect Identity Services Engineering Work: george.fletcher@teamaol.com AOL Inc. AIM: gffletch Mobile: +1-703-462-3494 Twitter: http://twitter.com/gffletch Office: +1-703-265-2544 Photos: http://georgefletcher.photography
- [OAUTH-WG] Call for Adoption: OAuth 2.0 Security:… Hannes Tschofenig
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Secur… Antonio Sanso
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Secur… William Denniss
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Secur… John Bradley
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Secur… Nat Sakimura
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Secur… John Bradley
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Secur… Brian Campbell
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Secur… George Fletcher
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Secur… Phil Hunt
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Secur… George Fletcher
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Secur… Mike Jones
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Secur… Roland Hedberg