[OAUTH-WG] Mirja Kühlewind's No Objection on draft-ietf-oauth-jwt-bcp-06: (with COMMENT)
Mirja Kühlewind via Datatracker <noreply@ietf.org> Tue, 25 June 2019 16:35 UTC
From: Mirja Kühlewind via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-oauth-jwt-bcp@ietf.org, Hannes Tschofenig <hannes.tschofenig@arm.com>, oauth-chairs@ietf.org, hannes.tschofenig@arm.com, oauth@ietf.org
Reply-To: Mirja Kühlewind <ietf@kuehlewind.net>
Message-ID: <156148054377.31241.8707184103893993321.idtracker@ietfa.amsl.com>
Date: Tue, 25 Jun 2019 09:35:43 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/PXhisBdZQJY4WG1EsthhkHGPmHg>
Subject: [OAUTH-WG] Mirja Kühlewind's No Objection on draft-ietf-oauth-jwt-bcp-06: (with COMMENT)
Mirja Kühlewind has entered the following ballot position for
draft-ietf-oauth-jwt-bcp-06: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I'm by far no expert here but I don't really understand all attacks described.
Maybe it's just me, however, especially 2.7 and 2.8 seem quite high level to me
and I'm wondering if it is possible to be more concrete or provide an example or
something. Anyway, the more important part is section 3, so no need to worry too
much about this.

I'm wondering if it would make sense for this document to update RFC7519. I know
there is no direct change but it complements RFC7519 and using the update
mechanism makes it easy/easier for readers of RFC7519 to find this doc.