Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-01.txt

Brian Campbell <bcampbell@pingidentity.com> Mon, 12 June 2017 11:57 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDCAD12EA53 for <oauth@ietfa.amsl.com>; Mon, 12 Jun 2017 04:57:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XdW8d0-zKiP6 for <oauth@ietfa.amsl.com>; Mon, 12 Jun 2017 04:57:52 -0700 (PDT)
Received: from mail-pf0-x234.google.com (mail-pf0-x234.google.com [IPv6:2607:f8b0:400e:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D25312E957 for <oauth@ietf.org>; Mon, 12 Jun 2017 04:57:52 -0700 (PDT)
Received: by mail-pf0-x234.google.com with SMTP id l89so50809223pfi.2 for <oauth@ietf.org>; Mon, 12 Jun 2017 04:57:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ptFWx5rZIjoljhAgdT3MiLUIuA2sNtnLDNF7wHpNfRY=; b=aAa7YlpLs4nmPhP4KlE58tLooINqWcASnmcDSYRBeH0H3qk4tr7ZcQvajcQbI0sjJ8 3XhRuijHfNF9xtr9pJlvFsv59dGCZQl+SrGL2p+2qFS9TIKHcbEH9zbMf9oJ0qiXW0nf ijhg3Ic2Ik/BrA5uQRjWsgTTTfzKRw1l9fvO0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ptFWx5rZIjoljhAgdT3MiLUIuA2sNtnLDNF7wHpNfRY=; b=BVxuuXCxdZ+a/QpCrIWROYDIsQftO6RvbGfMY9T3f9OeI1ycugNLMiCaHKaLlDVDvo tfBAhjnaqjr201ZjOaYQQ2QNyBosOC/J/i4KVY+1kQQjchI9NlN5fiSQulpIbz6r8E76 yQf0WXxQ7D8502QBnCeXimYmW65xTWTGMdfE2rH4XEqnJEfSmh9EGBd/LWcra8USme3z +hua+0aFtm+4SZfJA1ndusYaeXjp8bttZ74RfDFzc0wcAjhTsxfyDgq9WPaiKoeDjx5q 56MkOu3DuR36Gu+OfwMC0FuSfY2qZcQiHb8FLVNAm27ro6Fcwt4GvaqzhQ+kr53yupj7 gGlg==
X-Gm-Message-State: AODbwcAu5PLl101+Bc0vPSirVRhv4Hce7C4eGmESWZvoGaeIsi2APU7c NFabusAinIXAfp/eCmkk+R5yo+69fTkeh5icl/BRW1tB2fx2p0ZgV6Db1Qrgr18VirY42Zm9vhz Qef43
X-Received: by 10.84.218.71 with SMTP id f7mr54911915plm.180.1497268671922; Mon, 12 Jun 2017 04:57:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.129.130 with HTTP; Mon, 12 Jun 2017 04:57:21 -0700 (PDT)
In-Reply-To: <CAGpwqP_2rLNxQ5SDHaw_zm=qqW42HZnMQycNQDTSg8im1xUWKg@mail.gmail.com>
References: <149583038439.8608.6889631754413770370@ietfa.amsl.com> <CA+k3eCTr+pfbKGt5cB_Js_U5Kdg3uyZUn6jHsWOj8e68nY_r7Q@mail.gmail.com> <CAGpwqP_2rLNxQ5SDHaw_zm=qqW42HZnMQycNQDTSg8im1xUWKg@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 12 Jun 2017 05:57:21 -0600
Message-ID: <CA+k3eCTJz64vNxq+Fv2WQ2r2OpwE1cF_XgOE910JnWhvrQ6dRg@mail.gmail.com>
To: Takahiko Kawasaki <daru.tk@gmail.com>
Cc: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="f403045d153a52dfb20551c2071a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/OsEUn-Wx1F5EMfPJcvD9_yQ4Ps0>
Subject: Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-01.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2017 11:57:55 -0000

Thanks Takahiko, mentioning it on the list is enough. I've fixed it in the
editors' draft
https://github.com/ietf-oauth-mtls/i-d/commit/c6725e30dd1dc2f77aa293bce7fd1849713ed406

On Mon, Jun 12, 2017 at 5:33 AM, Takahiko Kawasaki <daru.tk@gmail.com>;
wrote:

> Hello,
>
> I'm sorry for this FAQ but where can I make comments for the draft of
> "Mutual TLS Profiles for OAuth Clients"?
>
> I found a trivial editorial issue in the last paragraph in "3. Mutual TLS
> Sender Constrained Resources Access". The second 'that' in "... verify that
> the that certificate matches ..." should be removed (= that part should be
> "... verify that the certificate matches ..."). Is it enough to mention it
> in this mailing list like this?
>
> Best Regards,
> Takahiko Kawasaki
>
> 2017-05-27 5:34 GMT+09:00 Brian Campbell <bcampbell@pingidentity.com>;:
>
>> A new draft of "Mutual TLS Profiles for OAuth Clients" has been published. The changes from the previous version are summarized below.
>>
>>
>>    draft-ietf-oauth-mtls-01 <https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-01>
>>
>>    o  Added more explicit details of using RFC 7662 <https://datatracker.ietf.org/doc/html/rfc7662> token introspection
>>       with mutual TLS sender constrained access tokens.
>>    o  Added an IANA OAuth Token Introspection Response Registration
>>       request for "cnf".
>>    o  Specify that tls_client_auth_subject_dn and
>>       tls_client_auth_root_dn are RFC 4514 <https://datatracker.ietf.org/doc/html/rfc4514> String Representation of
>>       Distinguished Names.
>>    o  Changed tls_client_auth_issuer_dn to tls_client_auth_root_dn.
>>    o  Changed the text in the Section 3 <https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-01#section-3> to not be specific about using a
>>       hash of the cert.
>>    o  Changed the abbreviated title to 'OAuth Mutual TLS' (previously
>>       was the acronym MTLSPOC).
>>
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: <internet-drafts@ietf.org>;
>> Date: Fri, May 26, 2017 at 2:26 PM
>> Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-01.txt
>> To: i-d-announce@ietf.org
>> Cc: oauth@ietf.org
>>
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Web Authorization Protocol of the IETF.
>>
>>         Title           : Mutual TLS Profiles for OAuth Clients
>>         Authors         : Brian Campbell
>>                           John Bradley
>>                           Nat Sakimura
>>                           Torsten Lodderstedt
>>         Filename        : draft-ietf-oauth-mtls-01.txt
>>         Pages           : 12
>>         Date            : 2017-05-26
>>
>> Abstract:
>>    This document describes Transport Layer Security (TLS) mutual
>>    authentication using X.509 certificates as a mechanism for both OAuth
>>    client authentication to the token endpoint as well as for sender
>>    constrained access to OAuth protected resources.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-oauth-mtls-01
>> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-01
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-01
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>

-- 
*CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you.*