Re: [OAUTH-WG] PoP Key Distribution

Mike Jones <Michael.Jones@microsoft.com> Thu, 05 July 2018 15:04 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Ludwig Seitz <ludwig.seitz@ri.se>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] PoP Key Distribution
Thread-Index: AdQTBj47ZlOcOW2pSHSpIBiWadk6FgAXco4AAENT58A=
Date: Thu, 05 Jul 2018 15:04:35 +0000
Message-ID: <MW2PR00MB0298594ADC1B2904CC48D881F5400@MW2PR00MB0298.namprd00.prod.outlook.com>
References: <VI1PR0801MB211213D11E7820FD31218663FA420@VI1PR0801MB2112.eurprd08.prod.outlook.com> <58eac9f9-21a6-aa6d-ac28-6fce70cfa08e@ri.se>
In-Reply-To: <58eac9f9-21a6-aa6d-ac28-6fce70cfa08e@ri.se>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/IY9tRd7wfDfrp9_wUQJtzeLz86A>

I'm fine putting some bandwidth into finishing OAuth PoP Key Distribution - particularly now that OAuth AS Metadata is finally done.  I know that Hannes is willing to do so as well.

				-- Mike

-----Original Message-----
From: OAuth <oauth-bounces@ietf.org> On Behalf Of Ludwig Seitz
Sent: Tuesday, July 3, 2018 11:56 PM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] PoP Key Distribution

On 2018-07-03 21:46, Hannes Tschofenig wrote:
> Hi all,
> 
....
> Where should the parameters needed for PoP key distribution be 
> defined? Currently, they are defined in two places -- in
> https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-13 and also in 
> https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-03. 
> In particular, the audience and the token_type parameters are defined 
> in both specs.
> 
> IMHO it appears that OAuth would be the best place to define the 
> HTTP-based parameters. ACE could define the IoT-based protocols, such 
> as CoAP, MQTT, and alike. Of course, this is subject for discussion, 
> particularly if there is no interest in doing so in the OAuth working 
> group.
> 

I fully agree that OAuth would be the best place. I've only drawn some of these parameters into draft-ietf-ace-oauth-authz because the work on draft-ietf-oauth-pop-key-distribution seemed to have been discontinued (it expired August 2017).
That said, I'd hate to introduce a normative dependency into draft-ietf-ace-oauth-authz on a document that will not move forward or only move very slowly. What are the prospects of going forward quickly with draft-ietf-oauth-pop-key-distribution?

> There is also a misalignment in terms of the content. 
> draft-ietf-oauth-pop-key-distribution defined an 'alg' parameter, 
> which does not exist in the draft-ietf-ace-oauth-authz document. The 
> draft-ietf-ace-oauth-authz document does, however, have a profile 
> parameter, which does not exist in 
> draft-ietf-oauth-pop-key-distribution. Some alignment is therefore 
> needed. In the meanwhile the work on OAuth meta has been finalized and

It seems indeed that 'alg' and 'profile' parameters have some overlap, although 'alg' seemed a bit more narrow to me (which is why I created 'profile').  If we could extend the definition of 'alg' a bit, I'd be OK to remove 'profile' from the ACE draft (provided the OAuth draft moves forward in a timely manner).


/Ludwig

--
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51
