IETF Logo Mail Archive

Re: [OAUTH-WG] Security area review

"Richard L. Barnes" <rbarnes@bbn.com> Mon, 08 August 2011 12:24 UTC

Return-Path: <rbarnes@bbn.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A69B421F8AD6 for <oauth@ietfa.amsl.com>; Mon, 8 Aug 2011 05:24:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.58
X-Spam-Level:
X-Spam-Status: No, score=-106.58 tagged_above=-999 required=5 tests=[AWL=0.019, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3IRQ34fag3mp for <oauth@ietfa.amsl.com>; Mon, 8 Aug 2011 05:24:30 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 2E84121F8ABC for <oauth@ietf.org>; Mon, 8 Aug 2011 05:24:30 -0700 (PDT)
Received: from [128.89.254.201] (port=49683 helo=[192.168.1.12]) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.74 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1QqOt4-000LxJ-Kg; Mon, 08 Aug 2011 08:24:55 -0400
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: "Richard L. Barnes" <rbarnes@bbn.com>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E72345024864B07@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Mon, 08 Aug 2011 08:24:49 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <4E029255-2F7B-45F2-813E-66880B4B5B5A@bbn.com>
References: <90C41DD21FB7C64BB94121FBBC2E72345024864A96@P3PW5EX1MB01.EX1.SECURESERVER.NET> <CAC4RtVBV-Pcv9NL_aHPFvU5s9f=W0-Hzuh3tAXD3TGf+j6nbXw@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E72345024864B07@P3PW5EX1MB01.EX1.SECURESERVER.NET>
To: Eran Hammer-Lahav <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1082)
Cc: Barry Leiba <barryleiba@computer.org>, OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Security area review
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2011 12:24:31 -0000

<hat type="secdir"/>

I've been loosely following this group, probably not as closely as I should have.  I'll put it in my queue to do a review of the current doc as a way of getting back in the fray.

--Richard


On Aug 8, 2011, at 1:59 AM, Eran Hammer-Lahav wrote:

> Thanks.
> 
> But this still puzzles me. After two years in the application area where IMO this working clearly belongs, we were moved to the security area under the premise of increased review and engagement from the security area.
> 
> EHL
> 
>> -----Original Message-----
>> From: barryleiba.mailing.lists@gmail.com
>> [mailto:barryleiba.mailing.lists@gmail.com] On Behalf Of Barry Leiba
>> Sent: Sunday, August 07, 2011 8:29 PM
>> To: Eran Hammer-Lahav
>> Cc: OAuth WG
>> Subject: Re: [OAUTH-WG] Security area review
>> 
>>> Did the chairs issue a last call request to anyone in the security
>>> area? I thought the whole point of moving this working group from apps
>>> to security was to increase the review and participation of that area.
>>> So far I have seen absolutely nothing to indicate any such
>>> contribution. I would like to know what actual actions are being taken to
>> turn this promise into reality.
>> 
>> There'll be a security directorate review when we send the doc to the IESG.  I
>> can certainly ask Sam to schedule a review now, instead of waiting, and I'll do
>> that.
>> 
>> Barry, as chair
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email