[OAUTH-WG] Review of draft-ietf-oauth-pop-key-distribution-00

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Thu, 28 August 2014 08:09 UTC

From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Review of draft-ietf-oauth-pop-key-distribution-00
Date: Thu, 28 Aug 2014 08:09:25 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A2831D261@xmb-rcd-x10.cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/WIQQEMkBqPTsiRHWtB6byigvUis

My comments:

1) Is the audience parameter mandatory when a handle token is used?

2) The value included in the aud parameter may not always be an absolute URI. For example, refer to Figure 2 in http://tools.ietf.org/html/draft-ietf-tram-turn-third-party-authz-02

3) What mitigations would the RS use to handle a scenario where there is a DDoS attack from clients sending invalid self-contained or handle tokens?

4)

      Step (2): When the client interacts with the token endpoint to
      obtain an access token it MUST populate the newly defined
      'audience' parameter with the information obtained in step (0).

Nit> Replace 'audience' with 'aud'

5) Figure 3
Comment> Please explain what kty, kid, and k mean?

Cheers,
-Tiru
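As an added example (not part of this message or of the draft), the following shows what the kty, kid and k members asked about in comment 5 denote, following RFC 7517 and RFC 7518, and one way a resource server could use a key distributed in that shape. The token response values and the HMAC-based binding below are constructed for illustration and are not the draft's own binding mechanism.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample in the shape of a token response carrying a symmetric
# PoP key as a JWK; the values are placeholders, not taken from the draft.
SECRET = b"0123456789abcdef0123456789abcdef"  # 256-bit symmetric key
TOKEN_RESPONSE = json.dumps({
    "access_token": "example-token-handle",
    "token_type": "pop",
    "key": {
        "kty": "oct",      # RFC 7517 key type: "oct" = octet sequence (symmetric key)
        "kid": "kid-123",  # RFC 7517 key id: names this key in later messages to the RS
        "k": base64.urlsafe_b64encode(SECRET).rstrip(b"=").decode(),  # RFC 7518: key octets, base64url
    },
})

def b64url_decode(s: str) -> bytes:
    """JOSE base64url carries no padding; restore it before decoding (RFC 7515 App. C)."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def load_symmetric_jwk(response_json: str) -> tuple[str, bytes]:
    """Return (kid, key bytes) from the 'key' member, rejecting anything but a usable oct key."""
    jwk = json.loads(response_json)["key"]
    if jwk.get("kty") != "oct":
        raise ValueError("expected kty=oct")
    raw = b64url_decode(jwk["k"])
    if len(raw) < 32:
        raise ValueError("symmetric key shorter than 256 bits")
    return jwk["kid"], raw

def client_tag(response_json: str, message: bytes) -> tuple[str, str]:
    """Client side (assumed binding): HMAC the message with the distributed key
    and send the kid alongside so the RS knows which key verifies it."""
    kid, key = load_symmetric_jwk(response_json)
    return kid, hmac.new(key, message, hashlib.sha256).hexdigest()

def rs_verify(keystore: dict[str, bytes], kid: str, message: bytes, tag: str) -> bool:
    """RS side: an unknown kid is rejected before any HMAC work is spent;
    a known kid is checked with a constant-time comparison."""
    key = keystore.get(kid)
    if key is None:
        return False
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)
```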