Re: [OAUTH-WG] [Errata Held for Document Update] RFC6819 (4267)
torsten@lodderstedt.net Thu, 17 December 2015 14:00 UTC
Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F8151B2C02; Thu, 17 Dec 2015 06:00:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.252
X-Spam-Level:
X-Spam-Status: No, score=-2.252 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KoNjAlcJMLvP; Thu, 17 Dec 2015 06:00:23 -0800 (PST)
Received: from smtprelay03.ispgateway.de (smtprelay03.ispgateway.de [80.67.29.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C82601B2B40; Thu, 17 Dec 2015 06:00:22 -0800 (PST)
Received: from [80.67.16.130] (helo=webmail.df.eu) by smtprelay03.ispgateway.de with esmtpa (Exim 4.84) (envelope-from <torsten@lodderstedt.net>) id 1a9Z55-0006U6-40; Thu, 17 Dec 2015 14:58:55 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Content-Transfer-Encoding: 7bit
Date: Thu, 17 Dec 2015 15:00:19 +0100
From: torsten@lodderstedt.net
To: RFC Errata System <rfc-editor@rfc-editor.org>
In-Reply-To: <20151208150508.1B4581832BB@rfc-editor.org>
References: <20151208150508.1B4581832BB@rfc-editor.org>
Message-ID: <1736001e4c00fa68e6f3b232ec59c4de@lodderstedt.net>
X-Sender: torsten@lodderstedt.net
User-Agent: Roundcube Webmail
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC5uZXQ=
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/UH9hovziy1qGTmhXP6WtIDRQD_0>
Cc: david.gladstone@nib.co.nz, phil.hunt@yahoo.com, Kathleen.Moriarty@emc.com, iesg@ietf.org, oauth@ietf.org
Subject: Re: [OAUTH-WG] [Errata Held for Document Update] RFC6819 (4267)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2015 14:00:27 -0000
Hi all, the report is correct. Please consider it an errata to RFC 6819. kind regards, Torsten. Am 08.12.2015 16:05, schrieb RFC Errata System: > The following errata report has been held for document update > for RFC6819, "OAuth 2.0 Threat Model and Security Considerations". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6819&eid=4267 > > -------------------------------------- > Status: Held for Document Update > Type: Editorial > > Reported by: David Gladstone <david.gladstone@nib.co.nz> > Date Reported: 2015-02-09 > Held by: Kathleen Moriarty (IESG) > > Section: 4.4.1.11 > > Original Text > ------------- > If an authorization server includes a nontrivial amount of entropy > > Corrected Text > -------------- > If an authorization server includes a trivial amount of entropy > > Notes > ----- > The threat being described outlines a scenario where too little > entropy is involved; countermeasures include using non-trivial amounts > of entropy. > > -------------------------------------- > RFC6819 (draft-ietf-oauth-v2-threatmodel-08) > -------------------------------------- > Title : OAuth 2.0 Threat Model and Security > Considerations > Publication Date : January 2013 > Author(s) : T. Lodderstedt, Ed., M. McGloin, P. Hunt > Category : INFORMATIONAL > Source : Web Authorization Protocol > Area : Security > Stream : IETF > Verifying Party : IESG
- [OAUTH-WG] [Editorial Errata Reported] RFC6819 (4… RFC Errata System
- Re: [OAUTH-WG] [Editorial Errata Reported] RFC681… Torsten Lodderstedt
- [OAUTH-WG] [Errata Held for Document Update] RFC6… RFC Errata System
- Re: [OAUTH-WG] [Errata Held for Document Update] … torsten
- Re: [OAUTH-WG] [Errata Held for Document Update] … Phil Hunt (IDM)