Re: [OAUTH-WG] Call for adoption: OAuth Security Topics

Justin Richer <jricher@mit.edu> Thu, 02 February 2017 19:49 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 857961299A8 for <oauth@ietfa.amsl.com>; Thu, 2 Feb 2017 11:49:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.399
X-Spam-Level:
X-Spam-Status: No, score=-7.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z4UN-sgC_m5E for <oauth@ietfa.amsl.com>; Thu, 2 Feb 2017 11:49:55 -0800 (PST)
Received: from dmz-mailsec-scanner-5.mit.edu (dmz-mailsec-scanner-5.mit.edu [18.7.68.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD1FC129996 for <oauth@ietf.org>; Thu, 2 Feb 2017 11:49:54 -0800 (PST)
X-AuditID: 12074422-78bff70000000a5a-93-58938d60d6a2
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id 79.A4.02650.06D83985; Thu, 2 Feb 2017 14:49:52 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id v12JnpNJ026702; Thu, 2 Feb 2017 14:49:52 -0500
Received: from [192.168.128.57] (static-96-237-195-53.bstnma.fios.verizon.net [96.237.195.53]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v12Jnodl022559 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 2 Feb 2017 14:49:51 -0500
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
References: <ae7d8912-2a13-4d19-62b4-0b1d1106a555@gmx.net>
From: Justin Richer <jricher@mit.edu>
Message-ID: <049d7f8f-505b-2026-5894-2a1931e635cc@mit.edu>
Date: Thu, 02 Feb 2017 14:49:42 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <ae7d8912-2a13-4d19-62b4-0b1d1106a555@gmx.net>
Content-Type: multipart/alternative; boundary="------------8DFC740078C7BD718D435955"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrGIsWRmVeSWpSXmKPExsUixG6nrpvQOznCYO4hI4ulO++xWpx8+4rN gclj8ab9bB5LlvxkCmCK4rJJSc3JLEst0rdL4Mq43zSfqaBHvOLreaUGxn9CXYycHBICJhJT Fv1j7mLk4hASaGOSOPuphQ3C2cAo8anrAFTmFpPEzs4nrCAtwgIOEvNunmQHsUUEYiUu/T0B FhcSsJI40H2cGcRmE1CVmL6mhQnE5gWK35/yigXEZhFQkfh+6yCYLSoQI/FyzyoWiBpBiZMz n4DZnALWElumngCaw8HBLBAmMbGjbAIj3ywkVbMQMiBhZgFbiTtzdzND2PIS29/OgbJ1JRZt W8EOE2/eOpt5ASPbKkbZlNwq3dzEzJzi1GTd4uTEvLzUIl1TvdzMEr3UlNJNjODgdVHawTjx n9chRgEORiUe3gLPyRFCrIllxZW5hxglOZiURHmnaAGF+JLyUyozEosz4otKc1KLDzFKcDAr ifBObAbK8aYkVlalFuXDpKQ5WJTEecU1GiOEBNITS1KzU1MLUotgsjIcHEoSvHN7gBoFi1LT UyvSMnNKENJMHJwgw3mAhjOC1PAWFyTmFmemQ+RPMSpKifNuBEkIgCQySvPgekHJJeHtYdNX jOJArwjzioNU8QATE1z3K6DBTECDfz6eBDK4JBEhJdXAOH3WHXdfjswtTrIaVo7JbL8NXkpe mMqyocDqcIjt6br8898vqN3fyViy6Ivr5+MTXXTehF6vF9jd1G54epuYAEO5+/7TAfEW+zra 9s5VXjr9XUfj6UXcj9ldrOb9ePDkR4WHJEvEzOb1X0pF57H5SLi4TL7x5ov1IxanDdyfLvCc U/+TfmnbXSWW4oxEQy3mouJEAF6bQPwJAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/ERAy7o_yTQl9cQmmMcQ8t1BSTCc>
Subject: Re: [OAUTH-WG] Call for adoption: OAuth Security Topics
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2017 19:49:57 -0000

+1, it's a good topic and this document is a good starting point.

  -- Justin


On 2/2/2017 2:09 AM, Hannes Tschofenig wrote:
> Hi all,
>
> this is the call for adoption of the 'OAuth Security Topics' document
> following the positive call for adoption at the last IETF
> meeting in Seoul.
>
> Here is the document:
> https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00
>
> The intention with this document is to have a place to collect
> discussions and conclusions around OAuth 2.0 security and to reference
> the actual solution specifications.
>
> Please let us know by Feb 16th whether you accept / object to the
> adoption of this document as a starting point for work in the OAuth
> working group.
>
> Ciao
> Hannes & Derek
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth