Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-mtls-00.txt

Vladimir Dzhuvinov <vladimir@connect2id.com> Thu, 06 April 2017 07:54 UTC

To: oauth@ietf.org
References: <149090694651.9027.6337833834024757190.idtracker@ietfa.amsl.com> <CAAX2Qa1OAoY0TOPX-19XgVrxq_63GN5obbh9VB_7851YXERfXA@mail.gmail.com> <CA+k3eCTZ=6vG=vpL2ZR3oDMG+LJBT8xMSoTsam8fR_0bbXf6OQ@mail.gmail.com>
From: Vladimir Dzhuvinov <vladimir@connect2id.com>
Organization: Connect2id Ltd.
Message-ID: <dda3f3be-24bb-b77a-45c5-650b5e961b44@connect2id.com>
Date: Thu, 06 Apr 2017 10:54:05 +0300
In-Reply-To: <CA+k3eCTZ=6vG=vpL2ZR3oDMG+LJBT8xMSoTsam8fR_0bbXf6OQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/CWaN34EXXFAWKZVUOIk643En3EM>
Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-mtls-00.txt

The cert / token binding is a significant upgrade on the previous
version, and I hope it will become an official WG item.

I also see that the comments about which certificate fields to use to
identify the client were addressed; this is important for interop.

Thanks for the great work,

Vladimir


On 31/03/17 00:15, Brian Campbell wrote:
> This document, which I hope to present and discuss briefly at tomorrow's
> meeting, replaces (but keeps the feature) the Mutual TLS Authentication for
> OAuth Clients
> <https://tools.ietf.org/html/draft-campbell-oauth-tls-client-auth-00> that
> was published leading up to the Seoul meeting
> <https://www.ietf.org/mail-archive/web/oauth/current/msg16704.html> and
> adds mutual TLS sender constrained access to OAuth protected resources. The
> concept for the latter was largely derived from one of the options in the
> JPOP draft <https://tools.ietf.org/html/draft-sakimura-oauth-jpop-04>. I
> apologize for the 11th hour publication but hope some folks will have a
> chance to read it.
>
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: Thu, Mar 30, 2017 at 3:49 PM
> Subject: New Version Notification for draft-campbell-oauth-mtls-00.txt
> To: Brian Campbell <brian.d.campbell@gmail.com>, Nat Sakimura <
> n-sakimura@nri.co.jp>, Torsten Lodderstedt <torsten@lodderstedt.net>, John
> Bradley <ve7jtb@ve7jtb.com>
>
>
>
> A new version of I-D, draft-campbell-oauth-mtls-00.txt
> has been successfully submitted by Brian Campbell and posted to the
> IETF repository.
>
> Name:           draft-campbell-oauth-mtls
> Revision:       00
> Title:          Mutual TLS Profiles for OAuth Clients
> Document date:  2017-03-30
> Group:          Individual Submission
> Pages:          10
> URL:            https://www.ietf.org/internet-drafts/draft-campbell-oauth-mtls-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-campbell-oauth-mtls/
> Htmlized:       https://tools.ietf.org/html/draft-campbell-oauth-mtls-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-campbell-oauth-mtls-00
>
>
> Abstract:
>    This document describes Transport Layer Security (TLS) mutual
>    authentication using X.509 certificates as a mechanism for both OAuth
>    client authentication to the token endpoint as well as for sender
>    constrained access to OAuth protected resources.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

-- 
Vladimir Dzhuvinov :: vladimir@connect2id.com
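The "cert / token binding" Vladimir refers to, and the abstract's "sender constrained access to OAuth protected resources", come down to one idea: the token endpoint records a fingerprint of the certificate the client authenticated with over mutual TLS, and the resource server only honours the token when it arrives over a TLS connection authenticated with that same certificate. The sketch below is an added example written for this page; it is not code from the draft, from its authors or from Connect2id. Several details are assumptions: the `cnf` / `x5t#S256` claim names (the JWT confirmation-claim convention, with the value being base64url(SHA-256(DER certificate))) are not stated on the page; the draft's rules for which certificate fields identify a client at the token endpoint (the interop point in the message) are also not on the page, so client authentication here is a registry keyed by `client_id` that holds the expected certificate thumbprint; the token is HMAC-signed with a shared key only to keep the example dependency-free, where a real authorization server would use an asymmetric signature; and the certificate bytes are constructed stand-ins for DER, not real X.509.

```python
"""Certificate-bound (sender-constrained) access tokens, sketched.

Added example, not code from draft-campbell-oauth-mtls or Connect2id.
Assumptions: `cnf`/`x5t#S256` claim names, the thumbprint-based client
registry, HMAC as a stand-in for the AS signature, constructed cert bytes.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed stand-ins for the DER bytes of TLS client certificates.
# Real code takes these from the TLS layer after the handshake.
CLIENT_CERT_DER = b"\x30\x82\x01\x00" + b"constructed DER stand-in: client-a"
OTHER_CERT_DER = b"\x30\x82\x01\x00" + b"constructed DER stand-in: someone else"

# Assumption: shared demo key; a real AS signs tokens with an asymmetric key.
AS_SIGNING_KEY = b"constructed demo key, not for real use"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def cert_thumbprint(cert_der: bytes) -> str:
    """base64url(SHA-256(DER)): the value the token is bound to."""
    return b64url(hashlib.sha256(cert_der).digest())


# Assumption: clients are registered with the thumbprint of their certificate.
REGISTERED_CLIENTS = {"client-a": cert_thumbprint(CLIENT_CERT_DER)}


def _sign(signing_input: str) -> str:
    mac = hmac.new(AS_SIGNING_KEY, signing_input.encode("ascii"), hashlib.sha256)
    return b64url(mac.digest())


def issue_token(client_id: str, tls_client_cert_der: bytes, scope: str, now: int) -> str:
    """Token endpoint: authenticate the client by its mutual-TLS certificate,
    then bind the issued token to that certificate via cnf.x5t#S256."""
    expected = REGISTERED_CLIENTS.get(client_id)
    presented = cert_thumbprint(tls_client_cert_der)
    if expected is None or not hmac.compare_digest(expected, presented):
        raise PermissionError("client authentication failed")
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": "https://as.example",   # assumption: illustrative issuer
        "sub": client_id,
        "scope": scope,
        "exp": now + 300,
        "cnf": {"x5t#S256": presented},
    }
    compact = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(payload)
    return signing_input + "." + _sign(signing_input)


def authorize_request(token: str, tls_client_cert_der: Optional[bytes], now: int) -> Tuple[bool, str]:
    """Resource server: a valid token is not enough; the TLS client certificate
    on this connection must match the one the token was bound to. A token
    stolen from the client is useless without the client's private key."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return False, "malformed token"
    if not hmac.compare_digest(_sign(h + "." + p), s):
        return False, "bad signature"
    payload = json.loads(b64url_decode(p))
    if payload.get("exp", 0) <= now:
        return False, "token expired"
    bound = payload.get("cnf", {}).get("x5t#S256")
    if bound is None:
        return False, "token is not certificate-bound"
    if tls_client_cert_der is None:
        return False, "no TLS client certificate on this connection"
    if not hmac.compare_digest(bound, cert_thumbprint(tls_client_cert_der)):
        return False, "TLS client certificate does not match token binding"
    return True, payload["sub"]


if __name__ == "__main__":
    now = 1_700_000_000
    token = issue_token("client-a", CLIENT_CERT_DER, "read", now)
    print("legit client:     ", authorize_request(token, CLIENT_CERT_DER, now + 10))
    print("stolen token:     ", authorize_request(token, OTHER_CERT_DER, now + 10))
    print("no client cert:   ", authorize_request(token, None, now + 10))
```

The check worth noting is the order in `authorize_request`: signature, expiry and the presence of a `cnf` binding are verified before the certificate comparison, so a non-bound token is refused outright rather than silently accepted as a bearer token, and both comparisons use `hmac.compare_digest`.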