Re: [OAUTH-WG] Shepherd Writeup for OAuth AMR

Mike Jones <Michael.Jones@microsoft.com> Mon, 26 September 2016 19:03 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Date: Mon, 26 Sep 2016 19:02:20 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Jx1Q0BNof_JHiJ_MoSffRZ2bNyA>

Thanks, Hannes. I’ll plan to make these changes once I’m back in circulation – probably early next week.

– Mike

From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Sent: Monday, September 26, 2016 7:02 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Shepherd Writeup for OAuth AMR



Hi all,

Here is the writeup for OAuth AMR:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_AMR.txt

There are some questions regarding the normative references. Currently,
the list of normative references contains documents that would be
clarified as downrefs (since they are informational RFCs).

I wonder whether we could make the following references informative:

    [RFC4226]  M'Raihi, D., Bellare, M., Hoornaert, F., Naccache, D., and
               O. Ranen, "HOTP: An HMAC-Based One-Time Password
               Algorithm", RFC 4226, DOI 10.17487/RFC4226, December 2005,
               <http://www.rfc-editor.org/info/rfc4226>.


    [RFC6238]  M'Raihi, D., Machani, S., Pei, M., and J. Rydell, "TOTP:
               Time-Based One-Time Password Algorithm", RFC 6238,
               DOI 10.17487/RFC6238, May 2011,
               <http://www.rfc-editor.org/info/rfc6238>.

    [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
               Certificate Request Message Format (CRMF)", RFC 4211,
               DOI 10.17487/RFC4211, September 2005,
               <http://www.rfc-editor.org/info/rfc4211>.

    [JECM]     Williamson, G., "Enhanced Authentication In Online
               Banking", Journal of Economic Crime Management 4.2: 18-19,
               2006,
               <http://utica.edu/academic/institutes/ecii/publications/
               articles/51D6D996-90F2-F468-AC09C4E8071575AE.pdf>.

    [MSDN]     Microsoft, "Integrated Windows Authentication with
               Negotiate", September 2011,
               <http://blogs.msdn.com/b/benjaminperkins/
               archive/2011/09/14/iis-integrated-windows-authentication-
               with-negotiate.aspx>.

    [NIST.800-63-2]
               National Institute of Standards and Technology (NIST),
               "Electronic Authentication Guideline", NIST Special
               Publication 800-63-2, August 2013,
               <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/
               NIST.SP.800-63-2.pdf>.

Comments on the shepherd writeup are welcome.

Ciao
Hannes
