Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-iss-auth-resp-03.txt
Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de> Thu, 18 November 2021 20:07 UTC
Return-Path: <karsten.meyerzuselhausen@hackmanit.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 287BB3A08E5 for <oauth@ietfa.amsl.com>; Thu, 18 Nov 2021 12:07:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.951
X-Spam-Level:
X-Spam-Status: No, score=-3.951 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.852, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hackmanit.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gD6RjdjZGf9E for <oauth@ietfa.amsl.com>; Thu, 18 Nov 2021 12:06:59 -0800 (PST)
Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBC063A0105 for <oauth@ietf.org>; Thu, 18 Nov 2021 12:06:58 -0800 (PST)
Received: by mail-wr1-x42a.google.com with SMTP id a9so13810755wrr.8 for <oauth@ietf.org>; Thu, 18 Nov 2021 12:06:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hackmanit.de; s=google; h=message-id:date:mime-version:user-agent:to:references:cc:from :subject:in-reply-to; bh=Kdn8FKTepqPHoBv+YO8i3DH8TtPBrecOkMx3Br6vX+o=; b=Ntx6UkW+XTh/1sQrgCtwZHNAvSXwNeNE93YJ7j1MnxLxDc7potK8p6C2S+0b6Ml3jv yHOvwsXhJBQ2rrR9zb0kC7rvbRekDAWwWiz2LLlx6Y6zDHAy4zorwqOCDKCj2TNy1uLw uGHysh32R8sDnQbYeoi0nBvOet3D08dZx9Lm0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:to :references:cc:from:subject:in-reply-to; bh=Kdn8FKTepqPHoBv+YO8i3DH8TtPBrecOkMx3Br6vX+o=; b=4yrZCkmbMQLkGk6TUJpdWduUtwn90asdBbHhIfh33XecjWYPEZNvPMZNguNJ0tftzm GmhTO2y3m5K551y04zDgSENCDJccKkjxot69FgyijuMbQNiAd8U/IFAVOXUeVf0DBls0 Ez3f+Q3CAM+FEr+wVLWcisNaJYaApMFSYzfq7MTCGVPQOCi0oOgKmE4rs6RHo83GYMYs 0nPGWiw865l62wlGVOVd7KlLB80zOIDeaFudam5WlKtKAvws0FzsYaGlV+nfVZ7UM4Qp 9Qmsze+tFBJUniEzO8ZHFBrZK/eMNdw1a5OkEtcDh6One5q/+FLmnwKdaT/5CDGb+wCz Ac1w==
X-Gm-Message-State: AOAM530ShDLLdDrRu7ezpplwIzTclKubv4NaxdtEryYS6UsFkyeVgjiw KSx9JWU7M7ss83+j88CP6IY9i1ykvxo/Ng==
X-Google-Smtp-Source: ABdhPJzg8u2Z+kqQNOaUdDz8cJI+M2L9jlk9XiBLSSJNxfz4y+92Kz3zTOyZN3pBcJ+vkwXLGMH1HA==
X-Received: by 2002:a5d:5643:: with SMTP id j3mr202948wrw.138.1637266011414; Thu, 18 Nov 2021 12:06:51 -0800 (PST)
Received: from ?IPV6:2003:f7:5f09:b00:4859:9e53:c63a:e8ba? (p200300f75f090b0048599e53c63ae8ba.dip0.t-ipconnect.de. [2003:f7:5f09:b00:4859:9e53:c63a:e8ba]) by smtp.gmail.com with ESMTPSA id l8sm10433101wmc.40.2021.11.18.12.06.50 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 18 Nov 2021 12:06:50 -0800 (PST)
Message-ID: <31ae1d3d-2cd8-05f5-2952-bc46441b8b60@hackmanit.de>
Date: Thu, 18 Nov 2021 21:06:53 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0
To: oauth@ietf.org
References: <163726559247.7094.4444997556472984840@ietfa.amsl.com>
From: Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de>
In-Reply-To: <163726559247.7094.4444997556472984840@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------2NwyZY4TBvyV5Mx0hnBydS3y"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/OMI1xm94gthdgtm5eyfz3C4hkfU>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-iss-auth-resp-03.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Nov 2021 20:07:04 -0000
Hi all, Daniel and I published a new draft version for the iss parameter. Version 03 addresses the feedback from Roman's AD review, as well as, most of the feedback from Julian Reschke's (artart) and Yoav Nir's (secdir) reviews. The only comment I could not address is this nit because I don't know how to write the links in markdown so that they are processed by xml2rfc correctly. > Section links to external documents do not appear to be marked up as such (and > use a trailing dot in the section number which they should not) Best regards, Karsten Am 18.11.2021 um 20:59 schrieb internet-drafts@ietf.org: > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Web Authorization Protocol WG of the IETF. > > Title : OAuth 2.0 Authorization Server Issuer Identification > Authors : Karsten Meyer zu Selhausen > Daniel Fett > Filename : draft-ietf-oauth-iss-auth-resp-03.txt > Pages : 11 > Date : 2021-11-18 > > Abstract: > This document specifies a new parameter iss that is used to > explicitly include the issuer identifier of the authorization server > in the authorization response of an OAuth authorization flow. The > iss parameter serves as an effective countermeasure to "mix-up > attacks". > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/ > > There is also an HTML version available at: > https://www.ietf.org/archive/id/draft-ietf-oauth-iss-auth-resp-03.html > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-iss-auth-resp-03 > > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth -- Phone: (+49)(0)234 / 45930961 Fax: (+49)(0)234 / 45930960 Mail: karsten.meyerzuselhausen@hackmanit.de PGP: 0EDA AAC6 01DE 3D7F 2123 70F8 4535 C0E7 DB16 F148 Web: www.hackmanit.de Hackmanit GmbH Universitätsstraße 150 (ID 2/469) 44801 Bochum, Germany Vertreten durch: Prof. Dr. Jörg Schwenk, Dr. Juraj Somorovsky, Dr. Christian Mainka, Marcus Niemietz Registergericht: Bochum
- [OAUTH-WG] I-D Action: draft-ietf-oauth-iss-auth-… internet-drafts
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-iss-a… Karsten Meyer zu Selhausen
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-iss-a… Roman Danyliw