[OAUTH-WG] Re: I-D Action: draft-ietf-oauth-status-list-05.txt

Christian Bormann <chris.bormann@gmx.de> Fri, 15 November 2024 18:06 UTC


Hi All,

Thanks for the good discussion on the Status List at the IETF 121 (Dublin). This is our understanding of the discussions and the rough consensus at the meeting. We will continue with PRs in this direction and wanted to confirm that our understanding matches the working group's:

- Unsigned Option: No strong objection to drop the unsigned option in favor of simplicity of the spec. We will drop the unsigned option and add to security considerations that we expect the status list to always be in a secured container.
- Compression: Minimize options and do not introduce an optional parameter to support different compression algorithms (and no compression) for the time being - could still be extended later on.
- Content Type: Enforce media types, especially Content-Type when retrieving the status list. We will also do a bit more research how earlier RFCs dealt with the problem of some services (like some CDNs) not responding with correct media types.

Best Regards,
Christian

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
Sent: Monday, October 21, 2024 8:55 PM
To: i-d-announce@ietf.org
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-status-list-05.txt

Internet-Draft draft-ietf-oauth-status-list-05.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.

   Title:   Token Status List
   Authors: Tobias Looker
            Paul Bastian
            Christian Bormann
   Name:    draft-ietf-oauth-status-list-05.txt
   Pages:   48
   Dates:   2024-10-21

Abstract:

   This specification defines status list data structures and processing
   rules for representing the status of tokens secured by JSON Object
   Signing and Encryption (JOSE) or CBOR Object Signing and
   Encryption (COSE), such as JSON Web Tokens (JWTs), CBOR Web Tokens
   (CWTs) and ISO mdoc.  The status list token data structures
   themselves are also represented as JWTs or CWTs.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-status-list-05.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-status-list-05

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
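
An added example, not part of the original message or of the draft authors' code: a relying-party check that follows the three consensus points in the reply above (signed tokens only, one fixed compression, enforced Content-Type). The media type names, the `status_list` / `bits` / `lst` layout, zlib compression and LSB-first packing are assumptions taken from the Token Status List draft rather than from this thread; the function names and the size cap are hypothetical, and signature verification is assumed to have happened before `status_at` is called.

```python
import base64
import zlib

# Assumed from the Token Status List draft, not stated in this message.
ALLOWED_TYPES = {"application/statuslist+jwt", "application/statuslist+cwt"}
MAX_LIST_BYTES = 1 << 20  # hypothetical cap on the inflated list


def check_content_type(header_value):
    """Return the bare media type; reject anything that is not a signed token."""
    media_type = (header_value or "").split(";", 1)[0].strip().lower()
    if media_type not in ALLOWED_TYPES:
        raise ValueError(f"unexpected Content-Type: {header_value!r}")
    return media_type


def inflate_list(lst_b64url):
    """Decode `lst`: base64url, then zlib, refusing oversized or cut streams."""
    raw = base64.urlsafe_b64decode(lst_b64url + "=" * (-len(lst_b64url) % 4))
    d = zlib.decompressobj()
    data = d.decompress(raw, MAX_LIST_BYTES + 1)
    if len(data) > MAX_LIST_BYTES or d.unconsumed_tail:
        raise ValueError("status list exceeds size limit")
    if not d.eof:
        raise ValueError("truncated zlib stream")
    return data


def status_at(payload, index):
    """Read one status value from an already signature-verified payload."""
    sl = payload["status_list"]
    bits = sl["bits"]
    if bits not in (1, 2, 4, 8):
        raise ValueError("bits must be 1, 2, 4 or 8")
    data = inflate_list(sl["lst"])
    if index < 0:
        raise IndexError("negative index")
    byte_pos, shift = divmod(index * bits, 8)  # LSB-first within each byte
    if byte_pos >= len(data):
        raise IndexError("index outside status list")
    return (data[byte_pos] >> shift) & ((1 << bits) - 1)


# Constructed sample: 16 one-bit statuses packed into bytes 0xB9 0xA3.
SAMPLE_PAYLOAD = {"status_list": {"bits": 1, "lst": base64.urlsafe_b64encode(
    zlib.compress(bytes([0xB9, 0xA3]))).rstrip(b"=").decode()}}
```
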

