Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt
Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Fri, 25 October 2019 14:02 UTC
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B86B120884 for <oauth@ietfa.amsl.com>; Fri, 25 Oct 2019 07:02:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S27AsdzqzIPq for <oauth@ietfa.amsl.com>; Fri, 25 Oct 2019 07:02:53 -0700 (PDT)
Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9C0212007C for <oauth@ietf.org>; Fri, 25 Oct 2019 07:02:53 -0700 (PDT)
Received: by mail-io1-xd32.google.com with SMTP id p6so2522209iod.7 for <oauth@ietf.org>; Fri, 25 Oct 2019 07:02:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aWBxxtpOyFBW/s1vMq8rTHpMWLH2i+0Osw1c42KjKLA=; b=T5VQuN4yinUP1isWwfTZSD/RWaBIWYPRjS4+8auzctg8RXJLHVMFPgLcCHNmv9KM34 VUou6UU5xp18/9117Dn0uWnSj5FWL+cDkRnY6i2UMdQ+DEFdWyzf13LG7VSc4Ue4rsZY a7LJb0V4LGGbI6TcSp+cjpl09VWWZF8dutmcSuUSfpsxwch9gdumyQVWY8yqfcXVD2fj qQe7eJreK2QgEr+hUSLqntT+LAqZGCBL+P+OeP5xn52oA4BY6DQ0pp7vRye/8HR1ykFO Nj9rNbAMglFaiQCrUvR7s2DFKS0w4aNMAwrVNt5Md7Q51C3/FHf8HG+JS2eCwc61Cwit NSUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aWBxxtpOyFBW/s1vMq8rTHpMWLH2i+0Osw1c42KjKLA=; b=GI1dmhNWj7gQz/cgSnkuzlLFW6eMvRHDl8jmy2LgO5hLKGu+AzTpnczIP8FYwDBK6l +PHkTuhHGjfkNT2ZFlDBjGE2f50NG7YokoHio/hAZbyolh+p+XTUN7DumsBp/L4D3+az RCFqimvpxNGBgMQmCFmq+iHcqbwYyJPiEqTfbOLcA3FKVjnx3AFc7iq/hkzAVsLTstdR guw3DbxUmmOFIIseODSgymUuMyNZHd6Jc5lBMLED/T5/9yTDZG2r7ZkhuRi6a0aKKfq3 PPWgJ5mbL3yTyalRTgGXybaQ+5R3Pndt96PjjcVjmDAwDWbHYuR+ahDEAJrH1b7qvyit f+CA==
X-Gm-Message-State: APjAAAV14/Bfs/iCY3iIQhhrDty+r3hDMvLcZIKC8sB1SOD5bqQ8U0oR FxaIFr1vP6B4aX83KbBaPH0XMUTYTP01aP5suCYyuKeNr3U=
X-Google-Smtp-Source: APXvYqwH7dxWkUcWE98BFFTnZZTU+9pjIYiKT8PGju2H855lZSCFZAwBVLjomvPqiduMmIOaznrnAEYSFP4u44dPNHM=
X-Received: by 2002:a5d:87ce:: with SMTP id q14mr3660676ios.278.1572012172983; Fri, 25 Oct 2019 07:02:52 -0700 (PDT)
MIME-Version: 1.0
References: <85D42AA1-FF57-4383-BACB-57C5AA32CFAC@lodderstedt.net> <CAEKOcs2gkM3Henz5nS04_EuBQXWWbJU5K02ErP0rnVZXmjxXJQ@mail.gmail.com> <20191021020546.GZ43312@kduck.mit.edu> <CA+k3eCS7pf3wXBkpbXE0AXKUGogo0YcHd8oWfiBfkPB5axGQQw@mail.gmail.com> <8A8B8892-9D16-4210-BC13-47B5D7859976@mit.edu> <20191024170326.GO69013@kduck.mit.edu>
In-Reply-To: <20191024170326.GO69013@kduck.mit.edu>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Fri, 25 Oct 2019 10:02:41 -0400
Message-ID: <CAGL6epJZtTXKSGFj0BfhF3kd_Z-z2xzOWXOPEKXc5m18Z4L1uA@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Justin Richer <jricher@mit.edu>, Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002746d60595bc9b9c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/GMyyb7950z1Eoj2KE_vTrCDQyAE>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2019 14:02:56 -0000
You might want to look at RFC7239, which is trying to address the issue of the loss of information by proxies. https://tools.ietf.org/html/rfc7239 The document does not have a parameter to carry the client certificate information, but it allows for new parameters to be defined. Would that help in this case? Regards, Rifaat On Thu, Oct 24, 2019 at 1:03 PM Benjamin Kaduk <kaduk@mit.edu> wrote: > On Wed, Oct 23, 2019 at 10:13:04AM -0400, Justin Richer wrote: > > I also agree. Would it be possible to get this pushed to http or tls? > It > > would be more appropriate there, and very helpful to have a general > spec > > for this. > > I think it's possible to get such work done in one of those places, but > first someone has to actually write a draft. Barring that, a HotRFC or > secdispatch slot in Singapore would probably be good for drumming up > interest. In related news, I am told that draft-duke-quic-load-balancers > had some time in the QUIC interim this month, and may be moving towards > adoption, so time may be short if we want to have a fully general solution. > > -Ben > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-intro… internet-drafts
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Vladimir Dzhuvinov
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Torsten Lodderstedt
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Travis Spencer
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Benjamin Kaduk
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Travis Spencer
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Justin Richer
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Torsten Lodderstedt
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Travis Spencer
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Benjamin Kaduk
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Brian Campbell
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Justin Richer
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Benjamin Kaduk
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Rifaat Shekh-Yusef
- [OAUTH-WG] client certs and TLS Terminating Rever… Brian Campbell
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Benjamin Kaduk
- Re: [OAUTH-WG] client certs and TLS Terminating R… Rifaat Shekh-Yusef
- Re: [OAUTH-WG] client certs and TLS Terminating R… Brian Campbell
- Re: [OAUTH-WG] client certs and TLS Terminating R… Rifaat Shekh-Yusef
- Re: [OAUTH-WG] client certs and TLS Terminating R… Brian Campbell
- Re: [OAUTH-WG] client certs and TLS Terminating R… Rifaat Shekh-Yusef
- Re: [OAUTH-WG] client certs and TLS Terminating R… Neil Madden
- Re: [OAUTH-WG] client certs and TLS Terminating R… Salz, Rich
- Re: [OAUTH-WG] client certs and TLS Terminating R… Rifaat Shekh-Yusef
- Re: [OAUTH-WG] client certs and TLS Terminating R… Salz, Rich
- Re: [OAUTH-WG] client certs and TLS Terminating R… Brian Campbell
- Re: [OAUTH-WG] client certs and TLS Terminating R… Rifaat Shekh-Yusef
- Re: [OAUTH-WG] client certs and TLS Terminating R… Salz, Rich
- Re: [OAUTH-WG] client certs and TLS Terminating R… Justin Richer
- Re: [OAUTH-WG] client certs and TLS Terminating R… Brian Campbell
- Re: [OAUTH-WG] client certs and TLS Terminating R… Hans Zandbelt
- Re: [OAUTH-WG] client certs and TLS Terminating R… Neil Madden
- Re: [OAUTH-WG] client certs and TLS Terminating R… Justin Richer
- Re: [OAUTH-WG] client certs and TLS Terminating R… Torsten Lodderstedt
- Re: [OAUTH-WG] client certs and TLS Terminating R… Neil Madden
- Re: [OAUTH-WG] client certs and TLS Terminating R… Torsten Lodderstedt
- Re: [OAUTH-WG] client certs and TLS Terminating R… Salz, Rich
- Re: [OAUTH-WG] client certs and TLS Terminating R… Neil Madden
- Re: [OAUTH-WG] client certs and TLS Terminating R… Salz, Rich
- Re: [OAUTH-WG] client certs and TLS Terminating R… Neil Madden
- Re: [OAUTH-WG] client certs and TLS Terminating R… Salz, Rich
- Re: [OAUTH-WG] client certs and TLS Terminating R… Neil Madden
- Re: [OAUTH-WG] client certs and TLS Terminating R… Salz, Rich
- Re: [OAUTH-WG] client certs and TLS Terminating R… Neil Madden
- Re: [OAUTH-WG] client certs and TLS Terminating R… Salz, Rich
- Re: [OAUTH-WG] client certs and TLS Terminating R… Jim Manico
- Re: [OAUTH-WG] client certs and TLS Terminating R… Vladimir Dzhuvinov
- Re: [OAUTH-WG] client certs and TLS Terminating R… Hans Zandbelt
- Re: [OAUTH-WG] client certs and TLS Terminating R… Torsten Lodderstedt
- Re: [OAUTH-WG] client certs and TLS Terminating R… Vladimir Dzhuvinov
- Re: [OAUTH-WG] client certs and TLS Terminating R… Hans Zandbelt
- Re: [OAUTH-WG] client certs and TLS Terminating R… Salz, Rich
- Re: [OAUTH-WG] client certs and TLS Terminating R… Vladimir Dzhuvinov
- Re: [OAUTH-WG] client certs and TLS Terminating R… Richard Backman, Annabelle
- Re: [OAUTH-WG] client certs and TLS Terminating R… Salz, Rich
- Re: [OAUTH-WG] client certs and TLS Terminating R… Neil Madden
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Re: client cer… Richard Backman, Annabelle
- Re: [OAUTH-WG] client certs and TLS Terminating R… Vladimir Dzhuvinov
- Re: [OAUTH-WG] client certs and TLS Terminating R… Richard Backman, Annabelle
- Re: [OAUTH-WG] client certs and TLS Terminating R… Hans Zandbelt
- Re: [OAUTH-WG] [UNVERIFIED SENDER] Re: client cer… Neil Madden
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Travis Spencer
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-i… Brian Campbell