[OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-security-topics-00.txt
Torsten Lodderstedt <torsten@lodderstedt.net> Sun, 13 November 2016 15:10 UTC
Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1FB4129670 for <oauth@ietfa.amsl.com>; Sun, 13 Nov 2016 07:10:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level:
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jsfBT8xtpU1O for <oauth@ietfa.amsl.com>; Sun, 13 Nov 2016 07:10:46 -0800 (PST)
Received: from smtprelay03.ispgateway.de (smtprelay03.ispgateway.de [80.67.31.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0BE012950A for <oauth@ietf.org>; Sun, 13 Nov 2016 07:10:45 -0800 (PST)
Received: from [80.140.198.142] (helo=[10.8.0.6]) by smtprelay03.ispgateway.de with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.84) (envelope-from <torsten@lodderstedt.net>) id 1c5wQd-0005Eh-JE for oauth@ietf.org; Sun, 13 Nov 2016 16:10:44 +0100
References: <147904932421.5603.18087367198758224042.idtracker@ietfa.amsl.com>
To: "oauth@ietf.org" <oauth@ietf.org>
From: Torsten Lodderstedt <torsten@lodderstedt.net>
X-Forwarded-Message-Id: <147904932421.5603.18087367198758224042.idtracker@ietfa.amsl.com>
Message-ID: <5828826E.2090600@lodderstedt.net>
Date: Mon, 14 Nov 2016 00:10:38 +0900
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <147904932421.5603.18087367198758224042.idtracker@ietfa.amsl.com>
Content-Type: multipart/alternative; boundary="------------030709020701030809010004"
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC5uZXQ=
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/UeuskA1rrtTebBi0NV4IrfT7Imw>
Subject: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-security-topics-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Nov 2016 15:10:49 -0000
Hi all, I just uploaded the first version of a security document we have been talking about since Berlin. It is intended to be a tool to help us to systematically address all open topics re OAuth security. I will present the draft in the meeting on Wednesday. I would like to ask anybody to review the document upfront, so we can have a productive discussion about the further work. If you cannot be in the meeting, please give feedback to the list. Thanks to Andrey and John for being co-authors. best regards, Torsten. -------- Weitergeleitete Nachricht -------- Betreff: New Version Notification for draft-lodderstedt-oauth-security-topics-00.txt Datum: Sun, 13 Nov 2016 07:02:04 -0800 Von: internet-drafts@ietf.org An: Torsten Lodderstedt <torsten@lodderstedt.net>, Andrey Labunets <isciurus@fb.com>, John Bradley <ve7jtb@ve7jtb.com> A new version of I-D, draft-lodderstedt-oauth-security-topics-00.txt has been successfully submitted by Torsten Lodderstedt and posted to the IETF repository. Name: draft-lodderstedt-oauth-security-topics Revision: 00 Title: OAuth Security Topics Document date: 2016-11-12 Group: Individual Submission Pages: 15 URL: https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-security-topics-00.txt Status: https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-security-topics/ Htmlized: https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00 Abstract: This draft gives a comprehensive overview on open OAuth security topics. It is intended to serve as a tool for the OAuth working group to systematically address these open security topics, recommending mitigations, and potentially also defining OAuth extensions needed to cope with the respective security threats. This draft will potentially become a BCP over time. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [OAUTH-WG] Fwd: New Version Notification for draf… Torsten Lodderstedt