Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-mtls-00.txt
Vladimir Dzhuvinov <vladimir@connect2id.com> Thu, 06 April 2017 07:54 UTC
To: oauth@ietf.org
From: Vladimir Dzhuvinov <vladimir@connect2id.com>
Organization: Connect2id Ltd.
Date: Thu, 06 Apr 2017 10:54:05 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/CWaN34EXXFAWKZVUOIk643En3EM>

The cert / token binding is a significant upgrade on the previous version, and I hope it will become an official WG item.

I also see that the comments about which certificate fields to use to identify the client were addressed, this is important for interop.

Thanks for the great work,

Vladimir

On 31/03/17 00:15, Brian Campbell wrote:
> This document, which I hope to present and discuss briefly at tomorrow's
> meeting, replaces (but keeps the feature) the Mutual TLS Authentication for
> OAuth Clients
> <https://tools.ietf.org/html/draft-campbell-oauth-tls-client-auth-00> that
> was published leading up to the Seoul meeting
> <https://www.ietf.org/mail-archive/web/oauth/current/msg16704.html> and
> adds mutual TLS sender constrained access to OAuth protected resources. The
> concept for the latter was largely derived from one of the options in the
> JPOP draft <https://tools.ietf.org/html/draft-sakimura-oauth-jpop-04>. I
> apologize for the 11th hour publication but hope some folks will have a
> chance to read it.
>
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: Thu, Mar 30, 2017 at 3:49 PM
> Subject: New Version Notification for draft-campbell-oauth-mtls-00.txt
> To: Brian Campbell <brian.d.campbell@gmail.com>, Nat Sakimura
> <n-sakimura@nri.co.jp>, Torsten Lodderstedt <torsten@lodderstedt.net>,
> John Bradley <ve7jtb@ve7jtb.com>
>
> A new version of I-D, draft-campbell-oauth-mtls-00.txt
> has been successfully submitted by Brian Campbell and posted to the
> IETF repository.
>
> Name: draft-campbell-oauth-mtls
> Revision: 00
> Title: Mutual TLS Profiles for OAuth Clients
> Document date: 2017-03-30
> Group: Individual Submission
> Pages: 10
> URL: https://www.ietf.org/internet-drafts/draft-campbell-oauth-mtls-00.txt
> Status: https://datatracker.ietf.org/doc/draft-campbell-oauth-mtls/
> Htmlized: https://tools.ietf.org/html/draft-campbell-oauth-mtls-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-campbell-oauth-mtls-00
>
> Abstract:
> This document describes Transport Layer Security (TLS) mutual
> authentication using X.509 certificates as a mechanism for both OAuth
> client authentication to the token endpoint as well as for sender
> constrained access to OAuth protected resources.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

--
Vladimir Dzhuvinov :: vladimir@connect2id.com