Re: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819)
Lars Kemmann <lars.kemmann@bynalogic.com> Thu, 06 October 2016 21:25 UTC
Return-Path: <lars.kemmann@bynalogic.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 152FA129460 for <oauth@ietfa.amsl.com>; Thu, 6 Oct 2016 14:25:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bynalogic.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZwJkby_8jeqM for <oauth@ietfa.amsl.com>; Thu, 6 Oct 2016 14:25:04 -0700 (PDT)
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0121.outbound.protection.outlook.com [104.47.41.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3219D12943C for <oauth@ietf.org>; Thu, 6 Oct 2016 14:25:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bynalogic.onmicrosoft.com; s=selector1-bynalogic-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=8JdzlmK6EoY6rN44ZlTWTTY2TPH4ezDQO+c57x0LwcY=; b=kEOKbGsM1ggTC1MVdu5hbyYSHNj9rjnK/ohWG6OmqZOIJLlyYkJcfo4Fh1lgKcem3ZWdk8bV5OXRlMw5d+f3umrNx9DFvTW0hGvWHlAWbfdPYnWWvAx1GRu0wQGF17d/FRH9icSyuet2ATbiq1xyjzOHI8dRTFYVH4tdGs8QBeE=
Received: from CO2PR0801MB2359.namprd08.prod.outlook.com (10.174.192.152) by CO2PR0801MB2358.namprd08.prod.outlook.com (10.174.192.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.649.16; Thu, 6 Oct 2016 21:25:01 +0000
Received: from CO2PR0801MB2359.namprd08.prod.outlook.com ([10.174.192.152]) by CO2PR0801MB2359.namprd08.prod.outlook.com ([10.174.192.152]) with mapi id 15.01.0649.024; Thu, 6 Oct 2016 21:25:01 +0000
From: Lars Kemmann <lars.kemmann@bynalogic.com>
To: "Manger, James" <James.H.Manger@team.telstra.com>, RFC Errata System <rfc-editor@rfc-editor.org>, "dick.hardt@gmail.com" <dick.hardt@gmail.com>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, "Kathleen.Moriarty.ietf@gmail.com" <Kathleen.Moriarty.ietf@gmail.com>, "Hannes.Tschofenig@gmx.net" <Hannes.Tschofenig@gmx.net>, "derek@ihtfp.com" <derek@ihtfp.com>
Thread-Topic: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819)
Thread-Index: AQHSHxuE+lI7eDlI7kuZ40x+ykQ/eaCaa5OAgAGGZv8=
Date: Thu, 06 Oct 2016 21:25:00 +0000
Message-ID: <CO2PR0801MB23591654EA70BF7A1874380282C70@CO2PR0801MB2359.namprd08.prod.outlook.com>
References: <20161005151652.82498B80A81@rfc-editor.org>, <255B9BB34FB7D647A506DC292726F6E13C05AA7E63@WSMSG3153V.srv.dir.telstra.com>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E13C05AA7E63@WSMSG3153V.srv.dir.telstra.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=lars.kemmann@bynalogic.com;
x-originating-ip: [75.181.129.24]
x-ms-office365-filtering-correlation-id: 0dc19a73-5dab-495c-cecd-08d3ee2f3b10
x-microsoft-exchange-diagnostics: 1; CO2PR0801MB2358; 7:y+tFBCzcdWmw0SYCDK9r4Ob/dsUTTvYfntiZ0h5GxZm3U60Sa0m9MBamJ1WFIrdmb/UPGbChEOX8+mOCiHO5D8I+CeFzw9tbnvxQhvKKkfA6LxB4Neumez90NVfd2pzf3CxFYK7tzV/aCxGSpFb+y2p7XV3WpjeGrn/ybYYKT8+suGakHfW8+ZE5odCtq8Om1wRGQiREgAVAWv4krGiq8zFZlOpaopgprrgc4flDpBehQ/anFWGdzKt2SRQsJXgiPFyxnriZrARZMV5hBmQfMqFolty+QzDU0kQp95droo3y2kO4YmhxwffBlI4g7Q6ax816v/yBHtUDRGKU8dDydg==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CO2PR0801MB2358;
x-microsoft-antispam-prvs: <CO2PR0801MB2358D9BE30F216F7466851ED82C70@CO2PR0801MB2358.namprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(32856632585715)(158342451672863)(192374486261705)(272811157607776)(248736688235697)(67441168502697);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6043046)(6042046); SRVR:CO2PR0801MB2358; BCL:0; PCL:0; RULEID:; SRVR:CO2PR0801MB2358;
x-forefront-prvs: 00872B689F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(377454003)(13464003)(199003)(189002)(5660300001)(7906003)(10400500002)(7696004)(105586002)(2900100001)(11100500001)(8676002)(8666005)(99286002)(76176999)(81166006)(54356999)(81156014)(106116001)(7846002)(7736002)(106356001)(77096005)(15975445007)(19625215002)(2950100002)(50986999)(74316002)(5002640100001)(189998001)(16236675004)(2501003)(101416001)(33656002)(97736004)(5001770100001)(3660700001)(3900700001)(15395725005)(2906002)(9686002)(66066001)(122556002)(87936001)(19580395003)(19580405001)(4326007)(19617315012)(586003)(3846002)(15188155005)(86362001)(76576001)(2201001)(92566002)(68736007)(8936002)(16799955002)(6116002)(3280700002)(102836003)(7059030)(19627235001); DIR:OUT; SFP:1102; SCL:1; SRVR:CO2PR0801MB2358; H:CO2PR0801MB2359.namprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: bynalogic.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CO2PR0801MB23591654EA70BF7A1874380282C70CO2PR0801MB2359_"
MIME-Version: 1.0
X-OriginatorOrg: bynalogic.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Oct 2016 21:25:00.8650 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 35ae33f5-2565-457b-b049-aae7bfc371ba
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO2PR0801MB2358
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/GH0c1y4o3vdn3TzmhV7T6_z9dD4>
X-Mailman-Approved-At: Fri, 07 Oct 2016 02:42:45 -0700
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2016 21:27:45 -0000
Ah, you’re right. Thanks! Should I resubmit it? ~Lars From: Manger, James<mailto:James.H.Manger@team.telstra.com> Sent: Wednesday, October 5, 2016 6:07 PM To: RFC Errata System<mailto:rfc-editor@rfc-editor.org>; dick.hardt@gmail.com<mailto:dick.hardt@gmail.com>; stephen.farrell@cs.tcd.ie<mailto:stephen.farrell@cs.tcd.ie>; Kathleen.Moriarty.ietf@gmail.com<mailto:Kathleen.Moriarty.ietf@gmail.com>; Hannes.Tschofenig@gmx.net<mailto:Hannes.Tschofenig@gmx.net>; derek@ihtfp.com<mailto:derek@ihtfp.com> Cc: Lars Kemmann<mailto:lars.kemmann@bynalogic.com>; oauth@ietf.org<mailto:oauth@ietf.org> Subject: RE: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819) This errata is not quite right. It needs to use https, not http. Location: https://client.example.com/cb... -- James Manger -----Original Message----- From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of RFC Errata System Sent: Thursday, 6 October 2016 2:17 AM To: dick.hardt@gmail.com; stephen.farrell@cs.tcd.ie; Kathleen.Moriarty.ietf@gmail.com; Hannes.Tschofenig@gmx.net; derek@ihtfp.com Cc: lars.kemmann@bynalogic.com; oauth@ietf.org; rfc-editor@rfc-editor.org Subject: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819) The following errata report has been submitted for RFC6749, "The OAuth 2.0 Authorization Framework". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4819 -------------------------------------- Type: Technical Reported by: Lars Kemmann <lars.kemmann@bynalogic.com> Section: 4.2.2 Original Text ------------- HTTP/1.1 302 Found Location: http://example.com/cb# access_token=2YotnFZFEjr1zCsicMWpAA &state=xyz&token_type=example&expires_in=3600 Corrected Text -------------- HTTP/1.1 302 Found Location: http://client.example.com/cb# access_token=2YotnFZFEjr1zCsicMWpAA &state=xyz&token_type=example&expires_in=3600 Notes ----- In the example for section 4.2.1, the request was made with a `redirect_uri` parameter value of `redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb`. If I understand correctly, the `client` subdomain should be included in the `Location` header in the response. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6749 (draft-ietf-oauth-v2-31) -------------------------------------- Title : The OAuth 2.0 Authorization Framework Publication Date : October 2012 Author(s) : D. Hardt, Ed. Category : PROPOSED STANDARD Source : Web Authorization Protocol Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] [Technical Errata Reported] RFC6749 (4… RFC Errata System
- Re: [OAUTH-WG] [Technical Errata Reported] RFC674… Manger, James
- Re: [OAUTH-WG] [Technical Errata Reported] RFC674… Lars Kemmann
- Re: [OAUTH-WG] [Technical Errata Reported] RFC674… Benjamin Kaduk