Re: [OAUTH-WG] Where / how do we report security risks?

William Mills <wmills_92105@yahoo.com> Fri, 01 February 2013 15:31 UTC

Date: Fri, 1 Feb 2013 07:31:03 -0800 (PST)
From: William Mills <wmills_92105@yahoo.com>
To: "L. Preston Sego III" <LPSego3@gmail.com>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Where / how do we report security risks?

Here is probably your best bet if it's a design question.  If it's a specific implementation then send it to the company in question first if you think they have a vulnerability.


________________________________
 From: L. Preston Sego III <LPSego3@gmail.com>
To: oauth@ietf.org 
Sent: Thursday, January 31, 2013 6:01 AM
Subject: [OAUTH-WG] Where / how do we report security risks?
 

Don't want hackers to try anything on oauth2-using applications...