Re: [OAUTH-WG] Call for adoption: OAuth Security Topics

Jim Manico <jim@manicode.com> Sat, 04 February 2017 00:08 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/MZegfm_enZ7v99pUyGLdXkBXw98>

I'm just some random idiot and am not in this working group, but the work
from
https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00
is one of the most up-to-date and useful OAuth security resources ever
published. I am thrilled to see more work put into it.

Aloha, Jim


On 2/3/17 1:57 PM, William Denniss wrote:
> I support the adoption of this document as a working group item.
>
> On Thu, Feb 2, 2017 at 2:30 PM, Jim Willeke <jim@willeke.com> wrote:
>
>     +1
>     I agree this is needed.
>
>     --
>     -jim
>     Jim Willeke
>
>     On Thu, Feb 2, 2017 at 4:33 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>
>         I am in favour of adoption.
>         > On Feb 2, 2017, at 4:09 AM, Hannes Tschofenig
>         > <hannes.tschofenig@gmx.net> wrote:
>         >
>         > Hi all,
>         >
>         > this is the call for adoption of the 'OAuth Security Topics' document
>         > following the positive call for adoption at the last IETF
>         > meeting in Seoul.
>         >
>         > Here is the document:
>         >
>         > https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00
>         >
>         > The intention with this document is to have a place to collect
>         > discussions and conclusions around OAuth 2.0 security and to reference
>         > the actual solution specifications.
>         >
>         > Please let us know by Feb 16th whether you accept / object to the
>         > adoption of this document as a starting point for work in the OAuth
>         > working group.
>         >
>         > Ciao
>         > Hannes & Derek
>         >
>         > _______________________________________________
>         > OAuth mailing list
>         > OAuth@ietf.org
>         > https://www.ietf.org/mailman/listinfo/oauth

-- 
Jim Manico
Manicode Security
https://www.manicode.com