From nobody Wed Aug 19 12:23:31 2020
MIME-Version: 1.0
References: <CADNypP8QkcjcMpfug-GnbTP1ODUu+LgrSx-MTjVeQztbivGbhA@mail.gmail.com>
 <efc8e833-c3e0-eacb-7d6a-de37df17aa0c@hackmanit.de>
In-Reply-To: <efc8e833-c3e0-eacb-7d6a-de37df17aa0c@hackmanit.de>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 19 Aug 2020 13:22:58 -0600
Message-ID: <CA+k3eCRp1DpoYt3OivUpWTTDRwWkYJ+_HMhiYtD35yR4PTrdZQ@mail.gmail.com>
To: Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de>
Cc: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000013c1e505ad3ff05d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Vti1hc_pzvnaHlMomB7ORiMyvmQ>
Subject: Re: [OAUTH-WG] WGLC on Pushed Authorization Requests draft

--00000000000013c1e505ad3ff05d
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thanks for the review, Karsten. We'll incorporate your suggestions into the
next revision of the draft.

On Wed, Aug 19, 2020 at 3:41 AM Karsten Meyer zu Selhausen <
karsten.meyerzuselhausen@hackmanit.de> wrote:

> Hi all,
>
> I have two very small suggestions which I also raised as issues on Github:
>
>    1. There are no hints in front of example requests/responses if extra
>    line breaks are used for display purposes. I think hints such as "(with
>    extra line breaks for display purposes only)" should be added to the
>    examples. (#64
>    <https://github.com/oauthstuff/draft-oauth-par/issues/64>)
>    2. In section 3 there is a typo in step 2. I think it should be
>    "*Validate* the request object signature as specified in JAR
>    [I-D.ietf-oauth-jwsreq], section 6.2." instead of "*Validates* the
>    ...". The imperative is used in step 1, as well. (#65
>    <https://github.com/oauthstuff/draft-oauth-par/issues/65>)
>
> Best regards;
> Karsten
> On 12.08.2020 00:07, Rifaat Shekh-Yusef wrote:
>
> All,
>
> This is a WGLC on the *Pushed Authorization Requests* document:
> https://www.ietf.org/id/draft-ietf-oauth-par-03.html
>
> Please, take a look and provide feedback on the list by *August 25th.*
>
> Regards,
>  Rifaat & Hannes


--00000000000013c1e505ad3ff05d--

