[OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-pop-key-distribution-03.txt
John Bradley <ve7jtb@ve7jtb.com> Fri, 24 February 2017 21:59 UTC
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFC1E12951D for <oauth@ietfa.amsl.com>; Fri, 24 Feb 2017 13:59:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ve7jtb-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qUyyJ5ahpci4 for <oauth@ietfa.amsl.com>; Fri, 24 Feb 2017 13:59:02 -0800 (PST)
Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com [IPv6:2607:f8b0:400d:c0d::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B21531293F9 for <oauth@ietf.org>; Fri, 24 Feb 2017 13:59:01 -0800 (PST)
Received: by mail-qt0-x22e.google.com with SMTP id n21so27728893qta.1 for <oauth@ietf.org>; Fri, 24 Feb 2017 13:59:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ve7jtb-com.20150623.gappssmtp.com; s=20150623; h=from:mime-version:subject:message-id:references:to:date; bh=APOGTnu1Hw26SJ5PJZj8Vu5370F169WBahrnCvPqROM=; b=gPqepGfp7h3a/a/sSrg2PesdIh/gNJnungz78BnWbzab0gzJiSiWlHP69ZPaMd+Kw5 0XOm3dNkOKfCRz1TI37T5ZSP/pIiiXVSo4M/iCjCP592YoiHsy5hmEoy/06Vjo4TSn7x k4tT28smbxvbSY85Zs9EZNgBdrighisDzHWmWjpZvAAcZ4O4Wmr7PKfcIcq0IDAsLbus qOVBPcO9T+e2zi/SCe1lbfnD96noy/Yu8TVQqpqQBuvgxQFqN0ljouScrRlz4c2w9MQ1 BMYzRBvpjGwCuOdrfPrDbXOIIXh5oX9dlSM3Zd7DIomOET/ENyRui5i2nCK8wPsOWC4e 9i+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:references :to:date; bh=APOGTnu1Hw26SJ5PJZj8Vu5370F169WBahrnCvPqROM=; b=Hd6+Cso912mVImXF+afBm+mpNk782JGrd3rUc+xSX5njwr4eDtAZyJY2JxheIvxT2W it0IXXqV3X6S7TI00kfVWCLz+V0NKY80XWRwpBQgSRz39gD6x2errYcVJQblx4wS+pbf uxHBe53IWEpezb2YPFfiJOR4SEl+yzQU4Z77tNX34q7mfqdl1YC8udaluo6wPI1Sioz1 IJ+NUNmq4w0JULmfGN6frZWQ9zM7VuJoiQn1A52dYNk8wOccmko8BrOccK7hWbKUs7vz xYeR/IndL4RWfTY3h4OFw2BiuCGHEkjhNGIzwhTOsYbaiGveeVSH3px/qR62Vpg8+6/6 ty2A==
X-Gm-Message-State: AMke39kAtHpfdJyJDZmuePlBNcd9afThgZvJlhIqfbvdBVFbW5b0WzJsecghRnXJTENXeTAm
X-Received: by 10.200.38.117 with SMTP id v50mr4830225qtv.230.1487973540650; Fri, 24 Feb 2017 13:59:00 -0800 (PST)
Received: from [192.168.86.130] ([191.115.25.29]) by smtp.gmail.com with ESMTPSA id h33sm5610341qtc.42.2017.02.24.13.58.59 for <oauth@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 24 Feb 2017 13:58:59 -0800 (PST)
From: John Bradley <ve7jtb@ve7jtb.com>
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Message-Id: <D2329C0E-C3F8-4F69-88AE-584561E45B65@ve7jtb.com>
References: <148797332573.3278.6515135380852468551.idtracker@ietfa.amsl.com>
To: "<oauth@ietf.org>" <oauth@ietf.org>
Date: Fri, 24 Feb 2017 18:58:57 -0300
X-Mailer: Apple Mail (2.3259)
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="001a11410570571ab905494dd6c0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/JpW1YB4HncDx0pS3mF_LmlPMsEQ>
Subject: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-pop-key-distribution-03.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2017 21:59:03 -0000
I updated the references but haven't made any other changes. I had some questions about it so though it was worth keeping alive at-least for discussion. There have been some other questions and proposed changes. I will take a look through them and see if what may be worth updating. John B. > Begin forwarded message: > > From: internet-drafts@ietf.org > Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-03.txt > Date: February 24, 2017 at 6:55:25 PM GMT-3 > To: <i-d-announce@ietf.org> > Cc: oauth@ietf.org > > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Web Authorization Protocol of the IETF. > > Title : OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution > Authors : John Bradley > Phil Hunt > Michael B. Jones > Hannes Tschofenig > Filename : draft-ietf-oauth-pop-key-distribution-03.txt > Pages : 18 > Date : 2017-02-24 > > Abstract: > RFC 6750 specified the bearer token concept for securing access to > protected resources. Bearer tokens need to be protected in transit > as well as at rest. When a client requests access to a protected > resource it hands-over the bearer token to the resource server. > > The OAuth 2.0 Proof-of-Possession security concept extends bearer > token security and requires the client to demonstrate possession of a > key when accessing a protected resource. > > This document describes how the client obtains this keying material > from the authorization server. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-key-distribution/ > > There's also a htmlized version available at: > https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-03 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-pop-key-distribution-03 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-d… internet-drafts
- [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-pop-… John Bradley
- Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-… Phil Hunt
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-k… John Bradley
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-k… Nat Sakimura
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-k… John Bradley
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-k… Nat Sakimura
- Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-… Ludwig Seitz
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-k… Anthony Nadalin
- Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-… John Bradley