[OAUTH-WG] Call for Adoption: OAuth 2.0 Mix-Up Mitigation

Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 19 January 2016 11:49 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3AA51B2C7C for <oauth@ietfa.amsl.com>; Tue, 19 Jan 2016 03:49:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id trjYx8lEZU4q for <oauth@ietfa.amsl.com>; Tue, 19 Jan 2016 03:49:57 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B2B51B2C78 for <oauth@ietf.org>; Tue, 19 Jan 2016 03:49:56 -0800 (PST)
Received: from [192.168.10.141] ([82.142.85.169]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0MQ2Wx-1aGpxx3YNH-005IAz for <oauth@ietf.org>; Tue, 19 Jan 2016 12:49:54 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
X-Enigmail-Draft-Status: N1110
To: "oauth@ietf.org" <oauth@ietf.org>
Message-ID: <569E22E1.5010402@gmx.net>
Date: Tue, 19 Jan 2016 12:49:53 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="A46MXO0oN94BcaJJS7JirBrFThhQ6onON"
X-Provags-ID: V03:K0:QoWFcDdpn36R/lriqL77yMSQfVL8CtI5jzJltWQXT4aiqM/b6Lj OysrRph2VdEH1ebhZwpAs/uSKNF+HAzxY806hy941XeKjJ9HNHhfxjkkh5LaiTDSOLYoO2e NATwqMlkdjQoc5VM3+JWgaglSSR+/w0Hz9NIee1GlhpptNsq8A24RBG2AZqCgmIYXhmj4DN l1vNj1vHQA3zHykBMmmTw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:7JoLwzR0/To=:e4MNORRhVE4ZVkDHsYgEK0 v9S1bcriaEO35nsIC69sVoksFpncjzrgkQr0J+NpE4L0E70o+7VP/HnTeq6yEz1onsLuJqLlN 8QsDtkuXrDLxfYoJ/eQbDTH2n2+5oIb7yy60ovr4akQhtbkUHE+cpcWi/llf2OwixsG8mGZt2 6aO+sBJarjMo7fyuKOXaqxz2PZkeElUepkidDTf0EVMynqQD7A5RBxTEbp66WETIkpSxQmqp7 yv7x9jXA4aPrEP+AEzdWoSFHwBC4mUAGETcx9eLrc+eKORM/de2bH3HR0GVjty7zdyn3Bn+yt 0WnZjI7lUA3JdWc0a7LRelkwfcTr2SpFjv/6WbDga7h6aOavd3MF9Y2gWy5ogOp/Um1owzTu0 Ik+4yv6dNJmTVHygJIAZwdr2erebbe8sRtFleneTCNnx0Fzl4vWx5dX4K3xiaiCHc/UlSMc4v Qq0uOtuyqYR+KdaAK7mBlkeTyiq5QWSHNvjkmaXDkWeDs9BWnaj3FCmtKBz4mK6IbJ0Cn4XyJ Lb8HTtwph6gR3q/nnI03CREI4L2qKD68R/YO/cG3MbGWbTIJkcPLEMsvGG8tG/Swcp8GRe1qe 553Le/esXaZ21uFwTY2mYQ/dGjItPWV0L1azAabuoXubJF32nnv2LHIsYsvHqTeg1ZF6/aUJa 7Y7fXeUk2SKOdDBjoa1KTr0UDI/y4/HSF8XlNMjJnPk2RIk3ZPxfWn7Gck2yLvNsPX/bioP43 DUPbK3DbpmCwD5cmQR0hdcf5WzluDCX+XE4LvekMoCpnIuGyfzG3r3wHp1o=
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/CkzGsvYz7T9u3cUZO7dX3J7I3WI>
Subject: [OAUTH-WG] Call for Adoption: OAuth 2.0 Mix-Up Mitigation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jan 2016 11:49:59 -0000

Hi all,

this is the call for adoption of OAuth 2.0 Mix-Up Mitigation, see
https://tools.ietf.org/html/draft-jones-oauth-mix-up-mitigation-00

Please let us know by Feb 9th whether you accept / object to the
adoption of this document as a starting point for work in the OAuth
working group.

Note: This call is related to the announcement made on the list earlier
this month, see
http://www.ietf.org/mail-archive/web/oauth/current/msg15336.html. More
time for analysis is provided due to the complexity of the topic.

Ciao
Hannes & Derek