[OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-security-topics-00.txt

Torsten Lodderstedt <torsten@lodderstedt.net> Sun, 13 November 2016 15:10 UTC

Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id F1FB4129670 for <oauth@ietfa.amsl.com>; Sun, 13 Nov 2016 07:10:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id jsfBT8xtpU1O for <oauth@ietfa.amsl.com>; Sun, 13 Nov 2016 07:10:46 -0800 (PST)
Received: from smtprelay03.ispgateway.de (smtprelay03.ispgateway.de []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0BE012950A for <oauth@ietf.org>; Sun, 13 Nov 2016 07:10:45 -0800 (PST)
Received: from [] (helo=[]) by smtprelay03.ispgateway.de with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.84) (envelope-from <torsten@lodderstedt.net>) id 1c5wQd-0005Eh-JE for oauth@ietf.org; Sun, 13 Nov 2016 16:10:44 +0100
References: <147904932421.5603.18087367198758224042.idtracker@ietfa.amsl.com>
To: "oauth@ietf.org" <oauth@ietf.org>
From: Torsten Lodderstedt <torsten@lodderstedt.net>
X-Forwarded-Message-Id: <147904932421.5603.18087367198758224042.idtracker@ietfa.amsl.com>
Message-ID: <5828826E.2090600@lodderstedt.net>
Date: Mon, 14 Nov 2016 00:10:38 +0900
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <147904932421.5603.18087367198758224042.idtracker@ietfa.amsl.com>
Content-Type: multipart/alternative; boundary="------------030709020701030809010004"
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC5uZXQ=
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/UeuskA1rrtTebBi0NV4IrfT7Imw>
Subject: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-security-topics-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Nov 2016 15:10:49 -0000

Hi all,

I just uploaded the first version of a security document we have been 
talking about since Berlin. It is intended to be a tool to help us to 
systematically address all open topics re OAuth security. I will present 
the draft in the meeting on Wednesday. I would like to ask anybody to 
review the document upfront, so we can have a productive discussion 
about the further work. If you cannot be in the meeting, please give 
feedback to the list.

Thanks to Andrey and John for being co-authors.

best regards,

-------- Weitergeleitete Nachricht --------
Betreff: 	New Version Notification for 
Datum: 	Sun, 13 Nov 2016 07:02:04 -0800
Von: 	internet-drafts@ietf.org
An: 	Torsten Lodderstedt <torsten@lodderstedt.net>, Andrey Labunets 
<isciurus@fb.com>, John Bradley <ve7jtb@ve7jtb.com>

A new version of I-D, draft-lodderstedt-oauth-security-topics-00.txt
has been successfully submitted by Torsten Lodderstedt and posted to the
IETF repository.

Name:		draft-lodderstedt-oauth-security-topics
Revision:	00
Title:		OAuth Security Topics
Document date:	2016-11-12
Group:		Individual Submission
Pages:		15
URL:            https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-security-topics-00.txt
Status:         https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-security-topics/
Htmlized:       https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00

    This draft gives a comprehensive overview on open OAuth security
    topics.  It is intended to serve as a tool for the OAuth working
    group to systematically address these open security topics,
    recommending mitigations, and potentially also defining OAuth
    extensions needed to cope with the respective security threats.  This
    draft will potentially become a BCP over time.


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat