Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-01.txt

Bill Mills <wmills_92105@yahoo.com> Tue, 28 October 2014 19:56 UTC

Date: Tue, 28 Oct 2014 19:53:25 +0000
From: Bill Mills <wmills_92105@yahoo.com>
To: "internet-drafts@ietf.org" <internet-drafts@ietf.org>, "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Message-ID: <2061250451.14565.1414526005529.JavaMail.yahoo@jws10605.mail.bf1.yahoo.com>
In-Reply-To: <20141026231809.3216.45800.idtracker@ietfa.amsl.com>
References: <20141026231809.3216.45800.idtracker@ietfa.amsl.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/T7NsMtV5wjmULAegQDTTZglBrOU
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-01.txt

The server needs to be able to enforce policy with S256 as being required.  This means that you need to add a new error under the OAuth error registry in this spec that allows the server to indicate the required hash.
-bill 

On Sunday, October 26, 2014 4:18 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : Symmetric Proof of Possession for the OAuth Authorization Code Grant
        Authors         : Nat Sakimura
                          John Bradley
                          Naveen Agarwal
        Filename        : draft-ietf-oauth-spop-01.txt
        Pages           : 11
        Date            : 2014-10-26

Abstract:
  The OAuth 2.0 public client utilizing Authorization Code Grant (RFC
  6749 - 4.1) is susceptible to the code interception attack.  This
  specification describes a mechanism that acts as a control against
  this threat.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-spop/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-spop-01

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-spop-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

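An added example, not code from the draft or from anyone in this thread, of the server-side policy Bill asks for: the authorization endpoint refuses any code_challenge_method other than S256 and names the required method in its error, and the token endpoint checks the code_verifier with the S256 transform BASE64URL(SHA256(ASCII(code_verifier))). The error code `unsupported_code_challenge_method` and the `required_code_challenge_method` parameter are hypothetical; the draft has not registered them.

```python
import base64
import hashlib
import secrets

# Constructed example (not the draft's text): an authorization server whose
# policy, as Bill suggests, requires the S256 code_challenge_method.
REQUIRED_METHOD = "S256"

# code -> (code_challenge, code_challenge_method); stands in for AS storage
ISSUED_CODES: dict = {}


def b64url(data: bytes) -> str:
    """Base64url without padding, as the S256 transform requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """Client side: 32 random bytes give a 43-character verifier."""
    return b64url(secrets.token_bytes(32))


def s256_challenge(code_verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def authorize(code_challenge: str, code_challenge_method: str):
    """Authorization endpoint: enforce policy before issuing a code.
    Returns (code, None) on success or (None, error) when rejected.
    The error code and the parameter naming the required method are
    hypothetical; the draft has not registered them."""
    if code_challenge_method != REQUIRED_METHOD:
        return None, {"error": "unsupported_code_challenge_method",
                      "required_code_challenge_method": REQUIRED_METHOD}
    code = secrets.token_urlsafe(32)
    ISSUED_CODES[code] = (code_challenge, code_challenge_method)
    return code, None


def token(code: str, code_verifier: str) -> bool:
    """Token endpoint: the code is single-use; recompute the challenge from
    the presented verifier and compare it in constant time."""
    entry = ISSUED_CODES.pop(code, None)
    if entry is None:
        return False
    stored_challenge, method = entry
    if method != REQUIRED_METHOD:
        return False  # a code issued under another method means policy was bypassed
    return secrets.compare_digest(s256_challenge(code_verifier), stored_challenge)
```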