Re: [OAUTH-WG] Publication has been requested for draft-ietf-oauth-device-flow-07

William Denniss <wdenniss@google.com> Tue, 06 March 2018 06:24 UTC

From: William Denniss <wdenniss@google.com>
Date: Tue, 06 Mar 2018 06:23:47 +0000
Message-ID: <CAAP42hDA=w=Q9C0PQShZ=np_kAx2-8w=ALLO_V215vYEW+KKAg@mail.gmail.com>
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Cc: "Hollenbeck, Scott" <shollenbeck@verisign.com>, iesg-secretary@ietf.org, oauth <oauth@ietf.org>, oauth-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/SsdUVhBXyTqt5ic8oflzM81l570>

Thanks again for the feedback Scott. I've staged an update here:
https://github.com/WilliamDenniss/draft-ietf-oauth-device-flow/pull/6

It expands on the brute force attack section to include some detail on this
attack, as it is quite unique for OAuth brute-force attacks (since the
victim actually ends up with the attacker's grant on the device, instead of
the other way around – not that this is totally safe of course, it's just
unique).  It also adds some further discussion around what factors need to
be considered by authorization servers when creating the user code format.

I'll post this once my co-authors have reviewed, and the submission tool
re-opens.


On Fri, Jan 5, 2018 at 10:56 AM Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
wrote:

> Hi Scott,
>
> Sorry, I missed that last discussion that you had with William.
>
>
> *William,*
>
> Can you please update the document based on your last discussion with
> Scott?
> I will then update the request for publication to use the new updated
> version.
>
> Regards,
>  Rifaat
>
>
>
> On Fri, Jan 5, 2018 at 12:40 PM, Hollenbeck, Scott <
> shollenbeck@verisign.com> wrote:
>
>> > -----Original Message-----
>> > From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Rifaat Shekh-
>> > Yusef
>> > Sent: Friday, January 05, 2018 12:30 PM
>> > To: ekr@rtfm.com
>> > Cc: oauth@ietf.org; iesg-secretary@ietf.org; oauth-chairs@ietf.org
>> > Subject: [EXTERNAL] [OAUTH-WG] Publication has been requested for draft-
>> > ietf-oauth-device-flow-07
>> >
>> > Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-device-
>> > flow-07 as Proposed Standard on behalf of the OAUTH working group.
>> >
>> > Please verify the document's state at
>> > https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/
>>
>> The document really should be updated to reflect the last call
>> discussions prior to requesting publication for the -07 version that needs
>> to be updated.
>>
>> Scott
>>
>