Re: [OAUTH-WG] Follow up on draft-ietf-oauth-device-flow-08

Eric Rescorla <ekr@rtfm.com> Sat, 14 April 2018 02:38 UTC

In-Reply-To: <BL0PR00MB0292EB90294DE62DEF6BDF43F5B20@BL0PR00MB0292.namprd00.prod.outlook.com>
References: <CABcZeBMWdZ4q8N0X4QrGQhkEVs8_38Tqa8Fou+oVP1tYoJ0aXg@mail.gmail.com> <BL0PR00MB0292EB90294DE62DEF6BDF43F5B20@BL0PR00MB0292.namprd00.prod.outlook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 13 Apr 2018 19:37:24 -0700
Message-ID: <CABcZeBP1JvFiMsx4ipR6bGCu219WHN+fFbufF3F_fhYFsP_WJA@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/KIPW8kXqCfcakUSBvSHWzyszg60>
Subject: Re: [OAUTH-WG] Follow up on draft-ietf-oauth-device-flow-08

Thanks for the quick follow-up. I will take a look at the next version.

-Ekr


On Fri, Apr 13, 2018 at 6:06 PM, Mike Jones <Michael.Jones@microsoft.com>
wrote:

> We still need to add the text addressing the points described in John
> Bradley’s reply to you sent while in London.
>
> -- Mike
>
> *From:* OAuth <oauth-bounces@ietf.org> *On Behalf Of* Eric Rescorla
> *Sent:* Friday, April 13, 2018 6:00 PM
> *To:* oauth@ietf.org
> *Subject:* [OAUTH-WG] Follow up on draft-ietf-oauth-device-flow-08
>
> Hi folks,
>
> I just looked at the -08 diffs and I see a new section on brute forcing
> the token but not describing the confused deputy attack. Did I miss
> something, or were you still planning to add more text?
>
> Thanks
>
> -Ekr