Re: [OAUTH-WG] Fwd: [websec] unbearable - new mailing list to discuss better than bearer tokens...

Phil Hunt <phil.hunt@oracle.com> Sat, 06 December 2014 01:48 UTC

To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Jpcfu-J0_wUwBnNSn7VXIV5_UjE
Cc: "oauth@ietf.org" <oauth@ietf.org>

Doesn't that duplicate our current work?

Phil

> On Dec 5, 2014, at 11:17, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>
> -------- Forwarded Message --------
> Subject: [websec] unbearable - new mailing list to discuss better than
> bearer tokens...
> Date: Fri, 05 Dec 2014 16:43:19 +0000
> From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
> Reply-To: Stephen Farrell <Stephen.Farrell@cs.tcd.ie>
> To: saag@ietf.org <saag@ietf.org>, websec <websec@ietf.org>,
> uta@ietf.org <uta@ietf.org>, ietf-http-wg@w3.org Group
> <ietf-http-wg@w3.org>, http-auth@ietf.org <http-auth@ietf.org>
> 
> 
> Hiya,
> 
> Following up on the presentation at IETF-91 on this topic, [1]
> we've created a new list [2] for moving that along. The list
> description is:
> 
> "This list is for discussion of proposals for doing better than bearer
> tokens (e.g. HTTP cookies, OAuth tokens etc.) for web applications.
> The specific goal is chartering a WG focused on preventing security
> token export and replay attacks."
> 
> If you're interested please join in.
> 
> Thanks to Vinod and Andrei for agreeing to admin the list.
> 
> We'll kick off discussion in a few days when folks have had
> a chance to subscribe.
> 
> Cheers,
> S.
> 
> PS: Please don't reply-all to this, join the new list, wait
> a few days and then say what you need to say:-)
> 
> [1] https://tools.ietf.org/agenda/91/slides/slides-91-uta-2.pdf
> [2] https://www.ietf.org/mailman/listinfo/unbearable