Re: [OAUTH-WG] Call for Adoption: DPoP
"Richard Backman, Annabelle" <richanna@amazon.com> Fri, 20 March 2020 21:06 UTC
Return-Path: <prvs=3416fc2ca=richanna@amazon.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B6C73A0E93 for <oauth@ietfa.amsl.com>; Fri, 20 Mar 2020 14:06:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.599
X-Spam-Level:
X-Spam-Status: No, score=-9.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MIB7_6h3GwUu for <oauth@ietfa.amsl.com>; Fri, 20 Mar 2020 14:06:30 -0700 (PDT)
Received: from smtp-fw-6002.amazon.com (smtp-fw-6002.amazon.com [52.95.49.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCE3A3A0E8E for <oauth@ietf.org>; Fri, 20 Mar 2020 14:06:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1584738391; x=1616274391; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=SWKIrcnowirh0pJE7xRrKUGc/q6+90assZxSCvwZTVg=; b=MwIEQZ3hQyaIqRlARBcUNCcKWw1LRdimaETftfB3IB5im3pUN3I4x7Ji UXBDHXgPmJmjyjvf78x9qi9TEoYUa73jnIPaWeG/fFOCEbi0iUjf/56YQ IvfiLTiPPX6lvegt1afYGJGSEz8A9WypgSHqdIPYDsTm6Irx8ZX8NIhh1 k=;
IronPort-SDR: e1cw7qgPIdZNsUP9Or13r9O48WwOTvba/FABXR3ueM+QA+muHQg6galFlqVuTf13J93sfMw46J tAXLngPjZP1w==
X-IronPort-AV: E=Sophos; i="5.72,285,1580774400"; d="scan'208,217"; a="22002884"
Thread-Topic: [OAUTH-WG] Call for Adoption: DPoP
Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-1d-2c665b5d.us-east-1.amazon.com) ([10.43.8.6]) by smtp-border-fw-out-6002.iad6.amazon.com with ESMTP; 20 Mar 2020 21:06:18 +0000
Received: from EX13MTAUWC001.ant.amazon.com (iad55-ws-svc-p15-lb9-vlan3.iad.amazon.com [10.40.159.166]) by email-inbound-relay-1d-2c665b5d.us-east-1.amazon.com (Postfix) with ESMTPS id 5E916A2CA9; Fri, 20 Mar 2020 21:06:16 +0000 (UTC)
Received: from EX13D11UWC003.ant.amazon.com (10.43.162.162) by EX13MTAUWC001.ant.amazon.com (10.43.162.135) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Fri, 20 Mar 2020 21:06:15 +0000
Received: from EX13D11UWC004.ant.amazon.com (10.43.162.101) by EX13D11UWC003.ant.amazon.com (10.43.162.162) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 20 Mar 2020 21:06:15 +0000
Received: from EX13D11UWC004.ant.amazon.com ([10.43.162.101]) by EX13D11UWC004.ant.amazon.com ([10.43.162.101]) with mapi id 15.00.1497.006; Fri, 20 Mar 2020 21:06:15 +0000
From: "Richard Backman, Annabelle" <richanna@amazon.com>
To: Justin Richer <jricher@mit.edu>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
CC: oauth <oauth@ietf.org>
Thread-Index: AQHV/FatAH1enDA9v02MgXWBm3JiXKhNTJmAgAQ8KYA=
Date: Fri, 20 Mar 2020 21:06:15 +0000
Message-ID: <D318E328-7B87-46E3-8539-27ED153BEB21@amazon.com>
References: <CAGL6epKuWNXypWMsTQLocX6WqbyQkAE=128gJkKPuOqBzk97Hg@mail.gmail.com> <BBDA3FD2-BA24-4256-968A-FC268799306E@mit.edu>
In-Reply-To: <BBDA3FD2-BA24-4256-968A-FC268799306E@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.21.0.200113
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.43.162.167]
Content-Type: multipart/alternative; boundary="_000_D318E3287B8746E3853927ED153BEB21amazoncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Sn2XvAoi5ugl1KszVC-q7LRQp0M>
Subject: Re: [OAUTH-WG] Call for Adoption: DPoP
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Mar 2020 21:06:33 -0000
+1 I support adoption of DPoP, and echo Justin’s sentiment that there remains room for further work. – Annabelle Backman (she/her) AWS Identity https://aws.amazon.com/identity/ From: OAuth <oauth-bounces@ietf.org> on behalf of Justin Richer <jricher@mit.edu> Date: Tuesday, March 17, 2020 at 2:26 PM To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Cc: oauth <oauth@ietf.org> Subject: RE: [EXTERNAL] [OAUTH-WG] Call for Adoption: DPoP CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. +1 I support adoption of DPoP. I have written an implementation of its current state for a client and implemented its signature mechanism in another project (without the rest of the protocol, fwiw). Now, speaking as the editor of the group’s previous general-purpose http signature draft (for use with the general purpose PoP architecture) and co-editor of the new HTTP working group http signature draft, I still think that there’s room for both of these implementations out there. DPoP is simple and focused, it should do one thing and do it well. And the energies that are looking for a more general solution should help us make the wider HTTP Signature spec work across all those use cases. — Justin On Mar 17, 2020, at 8:20 AM, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com<mailto:rifaat.ietf@gmail.com>> wrote: All, As per the conclusion of the PoP interim meeting, this is a call for adoption for the OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) document: https://datatracker.ietf.org/doc/draft-fett-oauth-dpop/ Please, let us know if you support or object to the adoption of this document as a working group document by March 31st. Regards, Rifaat & Hannes _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Call for Adoption: DPoP Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Call for Adoption: DPoP Rob Otto
- Re: [OAUTH-WG] Call for Adoption: DPoP Filip Skokan
- Re: [OAUTH-WG] Call for Adoption: DPoP Vladimir Dzhuvinov
- Re: [OAUTH-WG] Call for Adoption: DPoP Torsten Lodderstedt
- Re: [OAUTH-WG] Call for Adoption: DPoP Dominick Baier
- Re: [OAUTH-WG] Call for Adoption: DPoP Jim Willeke
- Re: [OAUTH-WG] Call for Adoption: DPoP Mike Jones
- Re: [OAUTH-WG] Call for Adoption: DPoP Anthony Nadalin
- Re: [OAUTH-WG] Call for Adoption: DPoP John Bradley
- Re: [OAUTH-WG] Call for Adoption: DPoP Brian Campbell
- Re: [OAUTH-WG] Call for Adoption: DPoP Justin Richer
- Re: [OAUTH-WG] Call for Adoption: DPoP Richard Backman, Annabelle
- Re: [OAUTH-WG] Call for Adoption: DPoP Vittorio Bertocci
- Re: [OAUTH-WG] Call for Adoption: DPoP George Fletcher
- Re: [OAUTH-WG] [E] Call for Adoption: DPoP Hjelm, Bjorn
- Re: [OAUTH-WG] Call for Adoption: DPoP Steinar Noem
- Re: [OAUTH-WG] Call for Adoption: DPoP Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Call for Adoption: DPoP Daniel Fett