IETF Logo Mail Archive

[OAUTH-WG] Re: I-D Action: draft-ietf-oauth-rfc8725bis-04.txt

Michael Jones <michael_b_jones@hotmail.com> Mon, 02 March 2026 23:04 UTC

Return-Path: <michael_b_jones@hotmail.com>
X-Original-To: oauth@mail2.ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id D26E0C2E4150; Mon, 2 Mar 2026 15:04:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: 0.125
X-Spam-Level:
X-Spam-Status: No, score=0.125 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_FROM=0.001, RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dfQBqodsDzTC; Mon, 2 Mar 2026 15:04:40 -0800 (PST)
Received: from SN4PR0501CU005.outbound.protection.outlook.com (mail-southcentralusazolkn19011058.outbound.protection.outlook.com [52.103.14.58]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 57940C2E4147; Mon, 2 Mar 2026 15:04:40 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=zK87Uw/JKkvxm5rLue9La3ln2V5vFtx2bFLnrXIZrtFAf9rtYLn6Znbo4z7+lax+JrfssL8IYi3t617xBFd0Ba2XbXzH7hDPBt3/BI8J8gGEbHgBduDgJ5LAMC1lWguYIMCLiS0gdnnGjK8vvBRgPuQsqFfxE3ZjE3Cm/ns6XvUtDeI2bq+oRf71HdNV/+TjCiVVXHYKAPwplZnVYKGmQg0pej/DX0O2zm0kx+Fy+QNWJj61m4uU0wkMrE8DYshbz+QmWIFv+UxtOo9DzgzBwU9hc7/SU6IqIkX8uwmz6jIFeVtwljmVKNVOBbitj7RUy4k7ML+WDs1vI3D6uCo80A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pKVe0dv6tyhdVsGscf+vzhFYvg3YonfXUsylI8XV+jU=; b=yrqBnkK86CY9QQv+hUd1b/3dyaLs8czbqKC8s8oXH59XFK/mwnN1ZcljA7et9ka8E8U/AHVT72Iir1JIS8vakVZgwiOGlX/Pv9XDYod1Fs9+uMpSMljri/3si2CCblQU8lhgcBvAj/dDT5HQQk26laOGoNipZLj2uA5wljtFizb8ag4UAmDoXYgcih94ILRaH9qxWHqsFzbTYouTE0Jgzod/RktokGElnZcOmq14y87WkW6US/G1A6Dpyn6j4rN7Mu2ipie30hs+2f0CMm3Uj0iigu6RYGsIFC2eNJHKHi749gPmd2wPPPjBFKK3XhMbw6ZrsIWmgGJ+QGFsnErWNg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pKVe0dv6tyhdVsGscf+vzhFYvg3YonfXUsylI8XV+jU=; b=bFWJlhg3OKpsieVL5MM+raBuk31RAFeCfrsmAU3RA9Qcx/7Jrf/C/WRxl2DdYQz7r6bA8xCcefjsWwD/orvvh+IVvSjCvd5BJT03PCc4+A4FCC5Bn7i7qQWW7vE2IAQb66lnh1NwKQEVOUKZ/sVvfGGeo3zSxl+WiMXq9nez2MsUKlvGFeI7Rgxwi7Ov/29iiUTmLRBZWjSds4xA5X4Vr1xpmLKs/d0i9ssx+3koxYlJC/XIk+8EbQBY8VMI4KglbhFGfuFP8c3Z0EfW2sHM7Lmb782MccHOVmzF9Xf2XuYCSHZSOsF15tpeCBOcomZTbZqsir8TZnKTpkhm5XaYlA==
Received: from MW2PR12MB2508.namprd12.prod.outlook.com (2603:10b6:907:9::23) by DS0PR12MB8564.namprd12.prod.outlook.com (2603:10b6:8:167::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9654.21; Mon, 2 Mar 2026 23:04:30 +0000
Received: from MW2PR12MB2508.namprd12.prod.outlook.com ([fe80::56bc:c104:6e90:8b08]) by MW2PR12MB2508.namprd12.prod.outlook.com ([fe80::56bc:c104:6e90:8b08%5]) with mapi id 15.20.9654.020; Mon, 2 Mar 2026 23:04:30 +0000
From: Michael Jones <michael_b_jones@hotmail.com>
To: "oauth@ietf.org" <oauth@ietf.org>, "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-rfc8725bis-04.txt
Thread-Index: AQHcqpflINNQpDtz7kySCL3L4uuOrbWb3G4g
Date: Mon, 02 Mar 2026 23:04:30 +0000
Message-ID: <MW2PR12MB25080751027B40CB322FB737B77EA@MW2PR12MB2508.namprd12.prod.outlook.com>
References: <177249213181.3620718.15246443741999614313@dt-datatracker-6ff7c68975-7k42g>
In-Reply-To: <177249213181.3620718.15246443741999614313@dt-datatracker-6ff7c68975-7k42g>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW2PR12MB2508:EE_|DS0PR12MB8564:EE_
x-ms-office365-filtering-correlation-id: 37464a36-cf87-4337-84f3-08de78b00f9d
x-ms-exchange-slblob-mailprops: atOjgM4C1H3GkHHRI1Pn2c9V+MQOLp2U8MWEBtPswZIuSdx5HwSJzeknPbldXjz4xlvq8Z/Vc9u5rU3rBv5FBVjzajYXAxvaURPJ0Qjw8uy7AsCDnIEAQzIjv9gr66wOQwfor9Sm2HYl+DqwyKI9yYXLiPTuX9yri3oaDPh2hMqzfIC+7Ngor30Qs5OOCyRtdFhE5UdQwTAKrn2VqjuxHEzscM0IDkm0vXh1BLipO8I5Y2WyrDDD4sd87ArWAxuG/gTCOV3Qp64W0Q1V9lX6wz7qq2PEGSIRZg0lMA9i0Zc4BzE3v+6mwuaRmRSv87uD8PpZnWcts7x9e6PYX3nhOIUo7nzQ/U0pFcyT5T1WXLn1e9Y6nMvgrEkaRRnmStPcIMiwMCWH0xApc6k4yO7eBIRureL+PblbDNQyPbZw5GjY1au4vpiqx3P6LL476B5uEx/uJKCY/tvTtwILJxAH8FhZJHdizJK1l3ZbfGYq04UFdom3ViB1BcKj5vYm5aHKZ7c8BT7tep9al+wELWD0OWAkZ2z73sLijm/6035wHIKRknbWR1ediaSlNwvzciIMtYpanP5PWQhjUa5K6DOc9PGCNpUFMr/8QBFfP5Hrf5Z7AoOshSbhjdPy4QXynIUUI8Mk+gZad0VFtrxPeqwbtYMMIl8Qqsy9VGn6e5Hmbv613AOzkw+Pe4cP8Qr2VXmckS7JogOm89LWIX3BQacKlwa9rGBzfgabkN4i17QYKZG0URmsbotiO3u85XWnsVoIiU6WBUrm7jvKioX36dkfAsp5sr5PdOsCXa9hZkS3epQlvnQP/5Gm/sffHIkGVqxHS9vBkfAEz/JWmtoKuPE56Z9SIm9XlpwTeob4N0jeCEygYylBdIj9TD1MfQXIkLftqF0NO1REWFP/26Hgw0d96+mIWho4pqmvRICBVlItqm4=
x-microsoft-antispam: BCL:0;ARA:14566002|13091999003|8062599012|8060799015|15080799012|31061999003|19110799012|461199028|20031999003|30051999003|39105399006|10035399007|3412199025|440099028|4302099013|19111999003|18061999006|102099032|56899033|1602099012|40105399003;
x-microsoft-antispam-message-info: UcxWP/KhKrzc4TkVY3aaH5towY8b2y9ljdDFSPyKFvRsDEGRDS+oWq75icj7BnJtjNZXDVMhuWKkH+BYY0q3Q43RhPP80IGMeh0oEbc0GyZLOP5sTjVLRNxQMaHuXPe97uP6V1JnnLcuLaR/BMorRoYOcb2cueaYowK+8XYzcxJ4bSsasxTAfkadX0oCKsnrXUSBe964QE768blK8DUw+mX+1LfFoNjMA5RdlGQR3D94qFWz0Yu29nwp435/nfRQmB2kupVFOtb2GBZ/U0S+ejO+LV8+HkepMhzWUSMxniEEzru/4AVkVmSnlfg8elxdKYgZAydd7FzLKpJ0qmMmZRORY3Dwx7yGPODYvEdEulJzGqfqDAgRhXId5GO9tGJnLM5WrFWmr0nBLHmeZhBF4PDrFZV5a14nBZZKHcNU4aHMyMAOV5SJV7PFWrivyEg5dUt6Mr45cNBlZdHyldAY9ZLg1fImlWYclwaS6BEKrBhk3q7v4QYHv/I5QqqqLvaNdImugA9u6rjrf5e/nhTObwzE66SrotA0n1F1dLdPidohjt8ZGjTa/fWhNZ5u+Bmx/qnlFOjXY5uI8l19H6CXy9kw+pl7rV+aOusdOokxtchNYof834RuY3mxYEdf+MPoPm6Se4RqKvp5IfzdvqVVZg2nho4piX1Mz0l9o090QHlJKlK7SrBEFPqoZBwpYpCVe8NwwxCT3sKUBn9grSZ4swrfsc6owPUn1ggLhlA6Y/bqxfSTDpPh24fttrK1LlqjeuVYg+uZyGZ1y20GWab1rJtJwbfPGGDMm2GUgpPFbV2R/9Z6qfH2cFfVc4DP/YUW8B5lIXWUaORDwyT2VQKELhOfjFJ35FB87O+pMMzc5N+fSpE0VgPxXUeADVrS7g0VZb5lMRNT5/6enFdzhRBPxUNq8bHBlbDHrZoho2gZYdoJYs+c9+DGutoCjf22K0iwYLP0w3DC09sNzTh3ogz8WBUlfMeDjRKB9pX6OaSS4XPVrQ4MxkFb/bo/x4rESArN9BcH3L/eiteJjfnAumibqEPIFcHGaKEYwsMMegq4BiWG3M3VDCSq8aA9OydkEa7xIKCfuKrmktlaHcU8AXJxPl80zwLkrRlwMNQLb/IlpbpbkjbSnY+x0obqj48q/kQm+yHIGps+fnbl3LzIpJm9dZXO8QOA0F/y80iS0Wl9tV2UMVkbgVbWomC2JNzDiKBBLYWqh8HQVmUXYiBtwu7SBQ==
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Rnx+/0Jm9ImJLVSwQ6qDDeOUm+9pk/DN6UBJL6tiZp0KFO9Lqh1vYloqjGVbc9nu4v1pBP069sPoWIO2W1F3bYI4Sd5k61I62kZoQlb6cPy6lpW0FlEvClxdLP573hFiGuNUY2vmXw6KvkWOxrLEN9hqt+QSpYiFFl9omD2K4OXMqrUb6/OFBRBI4R/+ee1NLX+4Hg5lF19mt3DCQ96a+nUUiBw2hQRYCpXxhx4VbIExhc1+3ju3bxFNACNy9/HjAflaBlQNEWIanzICaiznKw4ygZ/CbffQN48O0Xr67++M136NjTewaXODeJbdNFT3IDiEwE32x2l3L+mu/QKTmgCZDMidkNWfUzjk2yxrXEtOsg5NCgy0Beboha2lZcliZdhjViCR4yXf19bnQrUOZve0BVlCY+x5HfZHjzvr6V/pc69zDsGuMgQt3eLZjpb+KCEvgC4kZWI7Mm8wE6112NOQal+rOEb0Vzka8FIiDbSSx2Gi3h9/lO7SmxiWZQavs1pPu6LlYvrm23seiqyIRiK8MBcETUagjkQsw5yT70VJdeCM0ygFnSbW1472NrS4UTNGAU0kwIPg12z6ijVLBVv2+1wan6FFBD1eZErDjJDgzTpTHL5re6Vev5xLVgjsFIbu6xtlXPPr/DoMQQfNyzVOH47W2Q5GKK1mT3beybWXUcKKlokfsLhUe9E80MN/b10XCaMjLiOFRHNRqjcf737QVSHJfdyNZnrHmwdEkGYbiBRbxWxwmA3Rg7hEQLweCJa6e9brvhOSykRlvqZpNKhx8DFP2Eqed+1CJCQjbADR+9XTjwqpjhgadeFNtYZBc6kIaf0tWBOUZihshlv0dIleM0gmrxZi7fxHPLgkkJ4E1YEINVw5K9MzCUf3iwPfqhoBzJayhuT7631AqWFRjLJmKM12DRybaUgekIT+FqUmL27UpCZNwGSeIY1skf8jiDXJyur1UCgf767rMYXhFEPLnhUjnys1TAfLTPmXM2rSVVaNZG9Ry6NgfynlIG9fUNVymecySTlnfik27xCO1IEfFrmkbEZNkvsY6Z4Nw36WBLAbqQw3CQ1792aAhUiW8nZux6VCfUMPF70O5CHEz5Tr+w/OOm2dnNTULwifDEKjlMGUukeQ6xFJdeXE6vJr7jjrHhZf0DVRqd5h+RSpVzPafYf2AgANT4ONIw+Uz+57QHXntfQgli3MH86lcT1Uzg3pUxhXlg5FFLBr+FwINJ+ekkL9keIY9GVABPgPmxgNqiRhU6qTXTF+inwyoQKgQSktV4oaqCtJ/LNLGkkg1FnWXeszo/d0u9a3oAqg7Q7iBxotEKjNv/+N1hKvuEPO16jYBoIMMBsBej/7hMawAgkAn62YVB28QrQ6xrQGxiZdnb4wSBxUXlSPV9jiqyUWqFzZx7ym6sUr2Qe4RzViOq1E9NIwrDQk4fFFiHiYKVPTEFU2kXyUCsGxOYZBrz3z
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-10359.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW2PR12MB2508.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 37464a36-cf87-4337-84f3-08de78b00f9d
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Mar 2026 23:04:30.4478 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8564
Message-ID-Hash: T7JWSN72N6SMSCG5XZGCXM7LR7DLOKXE
X-Message-ID-Hash: T7JWSN72N6SMSCG5XZGCXM7LR7DLOKXE
X-MailFrom: michael_b_jones@hotmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: I-D Action: draft-ietf-oauth-rfc8725bis-04.txt
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/F2WT3CfFPboyXzUCzmK7AWzQSE0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

This draft applies change suggestions by the document shepherd, Hannes Tschofenig.

                                -- Mike

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Monday, March 2, 2026 2:56 PM
To: i-d-announce@ietf.org
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-rfc8725bis-04.txt

Internet-Draft draft-ietf-oauth-rfc8725bis-04.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.

   Title:   JSON Web Token Best Current Practices
   Authors: Yaron Sheffer
            Dick Hardt
            Michael B. Jones
   Name:    draft-ietf-oauth-rfc8725bis-04.txt
   Pages:   22
   Dates:   2026-03-02

Abstract:

   JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security
   tokens that contain a set of claims that can be signed and/or
   encrypted.  JWTs are being widely used and deployed as a simple
   security token format in numerous protocols and applications, both in
   the area of digital identity and in other application areas.  This
   Best Current Practices (BCP) specification updates RFC 7519 to
   provide actionable guidance leading to secure implementation and
   deployment of JWTs.

   This BCP specification furthermore replaces the existing JWT BCP
   specification RFC 8725 to provide additional actionable guidance
   covering threats and attacks that have been discovered since RFC 8725
   was published.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc8725bis/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-rfc8725bis-04.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-rfc8725bis-04

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-leave@ietf.org

v2.46.0 | Report a Bug | By Email | System Status