Re: [OAUTH-WG] Call for Adoption: Mutual TLS Profiles for OAuth Clients

Justin Richer <jricher@mit.edu> Mon, 01 May 2017 22:31 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D905F12EAAB for <oauth@ietfa.amsl.com>; Mon, 1 May 2017 15:31:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.49
X-Spam-Level:
X-Spam-Status: No, score=-1.49 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jBjY87kaoIUQ for <oauth@ietfa.amsl.com>; Mon, 1 May 2017 15:31:41 -0700 (PDT)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D66C912EAA9 for <oauth@ietf.org>; Mon, 1 May 2017 15:29:05 -0700 (PDT)
X-AuditID: 12074423-71fff70000004ca2-eb-5907b6b0580b
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id 0D.53.19618.0B6B7095; Mon, 1 May 2017 18:29:04 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id v41MT3f9027952; Mon, 1 May 2017 18:29:04 -0400
Received: from [100.110.147.91] ([104.132.1.107]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v41MSx87020706 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 1 May 2017 18:29:02 -0400
From: Justin Richer <jricher@mit.edu>
Message-Id: <1406FF29-7E40-4B80-AF0E-CE857081C196@mit.edu>
Content-Type: multipart/alternative; boundary="Apple-Mail=_26BB7FD1-B1BE-4397-86C0-402F5B803E1A"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Mon, 1 May 2017 15:28:58 -0700
In-Reply-To: <CAF2hCbbaQLJCpbjhbbR6gAVCE4F1SRBZ0aLzDBcK4YJEZym10w@mail.gmail.com>
Cc: William Denniss <wdenniss@google.com>, "<oauth@ietf.org>" <oauth@ietf.org>
To: Samuel Erdtman <samuel@erdtman.se>
References: <95776354-79e3-caa7-ba60-84cfec7f899f@gmx.net> <CAP-T6TSMn-hsNG1XL+SEkKQWmqxPa8EckEWU5+9mG6RSZjhLJw@mail.gmail.com> <CABzCy2B_U2E5qEL=f4w9HAwZi+BWrf_Nt+aanwHdBE9Xd_B3zw@mail.gmail.com> <B5CF3EF4-1C91-41FF-A0D8-61FFFC1056E1@lodderstedt.net> <CAAP42hCrTm80HFFZCm8UzYMJBs6wjfNpjEEV8CxCqyooLavT+A@mail.gmail.com> <CAF2hCbbaQLJCpbjhbbR6gAVCE4F1SRBZ0aLzDBcK4YJEZym10w@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBKsWRmVeSWpSXmKPExsUixG6nrrthG3ukwa52FYuTb1+xWfxfeorJ YtOcZnYHZo8X//YweizYVOqxZMlPpgDmKC6blNSczLLUIn27BK6MB0smsBesm8FYcf9/bgPj jg7GLkZODgkBE4nX566ydTFycQgJtDFJ/G7oZIJwNjBKNN++yA7hrGWSuDF1NgtIC5uAqsT0 NS1MIDavgJVE88S77CA2s0CSxM/rl4DGcgDF9SV6n4NtEBYIkjjeeBisnEVAReLBv01gNqdA oMTXb1tYIFr9JNZtWMsMYosIqEncPfiIFWJvP7PEjpPn2CBOlZW4NfsS8wRG/llI1s1CWAcR 1pZYtvA1M4StKbG/ezkLpriGROe3iawLGNlWMcqm5Fbp5iZm5hSnJusWJyfm5aUW6Zrp5WaW 6KWmlG5iBAe7i/IOxpd93ocYBTgYlXh4VxizRwqxJpYVV+YeYpTkYFIS5RV7xxYpxJeUn1KZ kVicEV9UmpNafIhRgoNZSYTXcSZQOW9KYmVValE+TEqag0VJnFdcozFCSCA9sSQ1OzW1ILUI JivDwaEkwXtuK1CjYFFqempFWmZOCUKaiYMTZDgP0PDvIDW8xQWJucWZ6RD5U4zWHFdaP75n 4mjb8vs9kxBLXn5eqpQ475wtQKUCIKUZpXlw00AJKyVvcjSIzmhhzH7FKA70pDDvJ5DBPMDk Bzf3FdBKJqCV9WosICtLEhFSUg2MPh9eyydoVGvdOp02kWP1te7sBZ2VIu9TTyb9sUkUXZG5 4rLShASFrZFGrSX9m+8FtGsekz7x8cmdR/rlMtq/hSrcI77veRW4Jm32tZXeG49dNSiYdXmT x/+5sn7paUsf7Yy9+Nnwy1+WZ7tNtO79j1vjdnmX+Z3C6ixGc61b05a0bQ5W1FyhoMRSnJFo qMVcVJwIAMkd6zg7AwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/I0pmOYGSUk6j68Rt_LzW1n5a_2Q>
Subject: Re: [OAUTH-WG] Call for Adoption: Mutual TLS Profiles for OAuth Clients
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 May 2017 22:31:46 -0000

I support this draft as a starting point for this work. 

A context on my perspective: several years ago, I worked on a project that looked toward this kind of functionality being standardized in the future. See section 6.1 of this document published in 2015 (written in 2014).

http://secure-restful-interface-profile.github.io/pages/docs/profiles/Secure%20RESTful%20Interface%20Profiles%20for%20OAuth%202%20v1.4.docx <http://secure-restful-interface-profile.github.io/pages/docs/profiles/Secure%20RESTful%20Interface%20Profiles%20for%20OAuth%202%20v1.4.docx>

 — Justin

> On Apr 25, 2017, at 12:45 PM, Samuel Erdtman <samuel@erdtman.se> wrote:
> 
> +1 for adoption
> 
> On Mon, Apr 24, 2017 at 9:02 AM, William Denniss <wdenniss@google.com <mailto:wdenniss@google.com>> wrote:
> I support the adoption of this draft by the working group.
> 
> 
> On Sun, Apr 23, 2017 at 9:11 AM, Torsten Lodderstedt <torsten@lodderstedt.net <mailto:torsten@lodderstedt.net>> wrote:
> +1 for adoption
> 
>> Am 21.04.2017 um 21:43 schrieb Nat Sakimura <sakimura@gmail.com <mailto:sakimura@gmail.com>>:
>> 
>> +1 for adoption
>> 
>> On Apr 21, 2017 9:32 PM, "Dave Tonge" <dave.tonge@momentumft.co.uk <mailto:dave.tonge@momentumft.co.uk>> wrote:
>> I support adoption of draft-campbell-oauth-mtls
>> 
>> As previously mentioned this spec will be very useful for Europe where there is legislation requiring the use of certificate-based authentication and many financial groups and institutions are considering OAuth2.
>>  
>> The UK Open Banking Implementation Entity has a strong interest in using this spec.
>> 
>> Dave
>> 
>> On 20 April 2017 at 17:32, Hannes Tschofenig <hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>> wrote:
>> Hi all,
>> 
>> based on the strong support for this document at the Chicago IETF
>> meeting we are issuing a call for adoption of the "Mutual TLS Profiles
>> for OAuth Clients" document, see
>> https://tools.ietf.org/html/draft-campbell-oauth-mtls-01 <https://tools.ietf.org/html/draft-campbell-oauth-mtls-01>
>> 
>> Please let us know by May 4th whether you accept / object to the
>> adoption of this document as a starting point for work in the OAuth
>> working group.
>> 
>> Ciao
>> Hannes & Rifaat
>> 
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org <mailto:OAuth@ietf.org>
>> https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
>> 
>> 
>> 
>> 
>> -- 
>> Dave Tonge
>> CTO
>>  <http://www.google.com/url?q=http%3A%2F%2Fmoneyhubenterprise.com%2F&sa=D&sntz=1&usg=AFQjCNGUnR5opJv5S1uZOVg8aISwPKAv3A>
>> 10 Temple Back, Bristol, BS1 6FL
>> t: +44 (0)117 280 5120 <tel:+44%20117%20280%205120>
>> 
>> Moneyhub Enterprise is a trading style of Momentum Financial Technology Limited which is authorised and regulated by the Financial Conduct Authority ("FCA"). Momentum Financial Technology is entered on the Financial Services Register (FRN 561538) at fca.org.uk/register <http://fca.org.uk/register>. Momentum Financial Technology is registered in England & Wales, company registration number 06909772 © . Momentum Financial Technology Limited 2016. DISCLAIMER: This email (including any attachments) is subject to copyright, and the information in it is confidential. Use of this email or of any information in it other than by the addressee is unauthorised and unlawful. Whilst reasonable efforts are made to ensure that any attachments are virus-free, it is the recipient's sole responsibility to scan all attachments for viruses. All calls and emails to and from this company may be monitored and recorded for legitimate purposes relating to this company's business. Any opinions expressed in this email (or in any attachments) are those of the author and do not necessarily represent the opinions of Momentum Financial Technology Limited or of any other group company.
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org <mailto:OAuth@ietf.org>
>> https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org <mailto:OAuth@ietf.org>
>> https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org <mailto:OAuth@ietf.org>
> https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
> 
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org <mailto:OAuth@ietf.org>
> https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth