Re: [OAUTH-WG] Call for adoption: OAuth Security Topics
Jim Manico <jim@manicode.com> Sat, 04 February 2017 00:08 UTC
Return-Path: <jim@manicode.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25048129443 for <oauth@ietfa.amsl.com>; Fri, 3 Feb 2017 16:08:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=manicode-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5_aN6clKL9CO for <oauth@ietfa.amsl.com>; Fri, 3 Feb 2017 16:08:04 -0800 (PST)
Received: from mail-pf0-x22e.google.com (mail-pf0-x22e.google.com [IPv6:2607:f8b0:400e:c00::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32F1A129416 for <oauth@ietf.org>; Fri, 3 Feb 2017 16:08:04 -0800 (PST)
Received: by mail-pf0-x22e.google.com with SMTP id e4so9214739pfg.1 for <oauth@ietf.org>; Fri, 03 Feb 2017 16:08:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=manicode-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to; bh=fWGn8+ty1NerXTkiIwX5BwjWYA1QYGsl2PvN5epWOpg=; b=PQ2oWJWvlYYijP1MLM5pEDIRxLIZ2GMewJD6fvbrwfgs5r2z3eHR7vv9jpGr5YvJ1x wqn57gjoDVZwwnW6TjwodaQEKZ2ed5V5IKUCwbGweXeZ+FgdAowT0Ma+ZEtTo64qkiFb 04SQIr4IZ5yus9cV91WdTetguwU4tCuTkh+EUSNA/21tDf3uz+nhx5vbq8ZTdorAjEmn CXVDDSYTwscbPcV01y235oJfSC/DX5yjBCUtK03SGbIBEcn/GQ2uvEqpPha4lFSWj+yx Ys9GNk82m/yMcho3GqDf9Y1OA6TIDZNp2Y7Ua3tW/FN/vgbiCY+YAlc/IuSO8qMJRXKq kgew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=fWGn8+ty1NerXTkiIwX5BwjWYA1QYGsl2PvN5epWOpg=; b=BiDTxgF2koRA1bl9d1rQPxT1Dsi0ssyl7iEeF6jfAPP1RjzLFa34Q3KKuIwW1vPHZW XZjVLiZ+w45xKeAKdG1oh02DBXngKZXNe55+mJss/ayxJlVzdFhk3+7gQ8bXsxMkiiIz Yvj2FZCTT/vubz8iyXR+MMtb6GCHYOkvNas9GUCWtTYRWuWnHKaYrz8s72i/XUE5pOhn BlHhJFwEnrJnziJVYCfJUUUh1NKWJ0uX0htTyBmKFN5ddb6cudiA+EKywAB4Pri1OODt slX+RnWOxLxaK1/9SX9DhC4rqfxYQE3p74bwwjFEoRv2uLNpERqoIv/RBdw17r+9wLwP BMbA==
X-Gm-Message-State: AIkVDXKmHkRdMOlfFfJL9ZbtLOJ0Lli6t5+gx7Oy89VGOMOxABTblX+ifXV3tc4XOEGF6yQR
X-Received: by 10.84.132.1 with SMTP id 1mr24844668ple.44.1486166883588; Fri, 03 Feb 2017 16:08:03 -0800 (PST)
Received: from heembo.local ([2605:e000:112b:c167:7c7f:eb6b:c497:85d3]) by smtp.googlemail.com with ESMTPSA id p26sm70319092pgn.39.2017.02.03.16.08.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 Feb 2017 16:08:03 -0800 (PST)
To: William Denniss <wdenniss@google.com>
References: <ae7d8912-2a13-4d19-62b4-0b1d1106a555@gmx.net> <541A5105-B963-4FA4-94E4-D794A73B3358@ve7jtb.com> <CAB3ntOupmVPnW4D2QXfJ1rjbMnF-8T9hvcy5cC6EaTDawyuA_A@mail.gmail.com> <CAAP42hC-eM2twsZySvrw26-nL88QBpAU_3MLsztp7JFT=daC0Q@mail.gmail.com>
From: Jim Manico <jim@manicode.com>
Message-ID: <14c5b7d3-9faa-0e2f-1411-689ab13d4fad@manicode.com>
Date: Fri, 03 Feb 2017 14:08:01 -1000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <CAAP42hC-eM2twsZySvrw26-nL88QBpAU_3MLsztp7JFT=daC0Q@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------744F9936F24D942EC6E4E099"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/MZegfm_enZ7v99pUyGLdXkBXw98>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for adoption: OAuth Security Topics
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Feb 2017 00:08:06 -0000
I'm just some random idiot am an not in this working group but the work from https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00 <https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00> is one of the most up to date and useful OAuth security resources every published. I am thrilled to see more work put into it. Aloha, Jim On 2/3/17 1:57 PM, William Denniss wrote: > I support the adoption of this document as a working group item. > > On Thu, Feb 2, 2017 at 2:30 PM, Jim Willeke <jim@willeke.com > <mailto:jim@willeke.com>> wrote: > > +! > I agree this is needed. > > -- > -jim > Jim Willeke > > On Thu, Feb 2, 2017 at 4:33 PM, John Bradley <ve7jtb@ve7jtb.com > <mailto:ve7jtb@ve7jtb.com>> wrote: > > I am in favour of adoption. > > On Feb 2, 2017, at 4:09 AM, Hannes Tschofenig > <hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>> > wrote: > > > > Hi all, > > > > this is the call for adoption of the 'OAuth Security Topics' > document > > following the positive call for adoption at the last IETF > > meeting in Seoul. > > > > Here is the document: > > > https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00 > <https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00> > > > > The intention with this document is to have a place to collect > > discussions and conclusions around OAuth 2.0 security and to > reference > > the actual solution specifications. > > > > Please let us know by Feb 16th whether you accept / object > to the > > adoption of this document as a starting point for work in > the OAuth > > working group. > > > > Ciao > > Hannes & Derek > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org <mailto:OAuth@ietf.org> > > https://www.ietf.org/mailman/listinfo/oauth > <https://www.ietf.org/mailman/listinfo/oauth> > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org <mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > <https://www.ietf.org/mailman/listinfo/oauth> > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org <mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > <https://www.ietf.org/mailman/listinfo/oauth> > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth -- Jim Manico Manicode Security https://www.manicode.com
- [OAUTH-WG] Call for adoption: OAuth Security Topi… Hannes Tschofenig
- Re: [OAUTH-WG] Call for adoption: OAuth Security … Anthony Nadalin
- Re: [OAUTH-WG] Call for adoption: OAuth Security … Phil Hunt
- Re: [OAUTH-WG] Call for adoption: OAuth Security … Mike Jones
- Re: [OAUTH-WG] Call for adoption: OAuth Security … Justin Richer
- Re: [OAUTH-WG] Call for adoption: OAuth Security … George Fletcher
- Re: [OAUTH-WG] Call for adoption: OAuth Security … John Bradley
- Re: [OAUTH-WG] Call for adoption: OAuth Security … Brian Campbell
- Re: [OAUTH-WG] Call for adoption: OAuth Security … Jim Willeke
- Re: [OAUTH-WG] Call for adoption: OAuth Security … William Denniss
- Re: [OAUTH-WG] Call for adoption: OAuth Security … Jim Manico
- Re: [OAUTH-WG] Call for adoption: OAuth Security … Nat Sakimura
- Re: [OAUTH-WG] Call for adoption: OAuth Security … Denis
- Re: [OAUTH-WG] Call for adoption: OAuth Security … Justin Richer
- Re: [OAUTH-WG] Call for adoption: OAuth Security … Hannes Tschofenig