Re: [OAUTH-WG] [Technical Errata Reported] RFC7662 (7607)
Justin Richer <jricher@mit.edu> Mon, 21 August 2023 10:31 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/WvNwYYKbuIfNAumKGtVlSbSdTj8>
I don’t think it’s necessary to enumerate all of the possible parties that could have had a hand in revoking the token — it could have also been revoked by the AS through some backend process or through administrative action. If a token is revoked, it’s revoked — and the RS doesn’t generally care why or who did it, just that the token is no good. It doesn’t hurt to list the client here, but it’s not necessary. As such, I still say the errata should be rejected.

— Justin

On Aug 19, 2023, at 6:32 PM, Fulong Sun <sunfulong@neusoft.edu.cn> wrote:

Hi Justin,

Yes, the resource owner can revoke, but the client also can revoke the token, why not write both of them?

孙福龙 Fulong Sun
东软教育科技集团・IDC
IDC of Neusoft Education Technology Group
Office: +86 (411) 82379410 -9 / 6602
Mobile: +86 13478953390
E-mail: sunfulong@neusoft.edu.cn
Address: Room 305, Building A5, No. 8, Software Park Road, Dalian, Liaoning, China

From: Justin Richer <jricher@mit.edu>
Sent: August 18, 2023 20:54
To: RFC Errata System <rfc-editor@rfc-editor.org>; ietf@justin.richer.org; rdd@cert.org; paul.wouters@aiven.io; hannes.tschofenig@arm.com; rifaat.s.ietf@gmail.com
Cc: sunfulong@neusoft.edu.cn; oauth@ietf.org
Subject: Re: [OAUTH-WG] [Technical Errata Reported] RFC7662 (7607)

The resource owner can revoke the token out of band, this errata should be rejected.

- Justin

________________________________
From: OAuth <oauth-bounces@ietf.org> on behalf of RFC Errata System <rfc-editor@rfc-editor.org>
Sent: Thursday, August 17, 2023 2:42 PM
To: ietf@justin.richer.org; rdd@cert.org; paul.wouters@aiven.io; hannes.tschofenig@arm.com; rifaat.s.ietf@gmail.com
Cc: sunfulong@neusoft.edu.cn; oauth@ietf.org; rfc-editor@rfc-editor.org
Subject: [OAUTH-WG] [Technical Errata Reported] RFC7662 (7607)

The following errata report has been submitted for RFC7662,
"OAuth 2.0 Token Introspection".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7607

--------------------------------------
Type: Technical
Reported by: Fulong Sun <sunfulong@neusoft.edu.cn>

Section: 2.2

Original Text
-------------
a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity

Corrected Text
--------------
a given token has been issued by this authorization server, has not been revoked by the resource owner or client, and is within its given time window of validity

Notes
-----
RFC 7009 defined a given token can be revoked by client, so should write client here.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC7662 (draft-ietf-oauth-introspection-11)
--------------------------------------
Title : OAuth 2.0 Token Introspection
Publication Date : October 2015
Author(s) : J. Richer, Ed.
Category : PROPOSED STANDARD
Source : Web Authorization Protocol
Area : Security
Stream : IETF
Verifying Party : IESG

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
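
The point under discussion, shown as an added example that is not part of the thread or of any participant's code: an authorization server computes `active` for RFC 7662 Section 2.2 from issuer, revocation and validity window, and the resource server sees the same `{"active": false}` whoever revoked the token. `TokenStore`, the actor labels, the token names and the issuer URL are hypothetical and constructed for illustration.

```python
import time
from dataclasses import dataclass

ISSUER = "https://as.example"  # constructed issuer identifier

@dataclass
class TokenRecord:
    issuer: str
    client_id: str
    scope: str
    nbf: int
    exp: int
    revoked_by: str = ""  # audit trail only; never leaves the AS

class TokenStore:
    def __init__(self):
        self._tokens = {}

    def issue(self, token, client_id, scope, nbf, exp, issuer=ISSUER):
        self._tokens[token] = TokenRecord(issuer, client_id, scope, nbf, exp)

    def revoke(self, token, actor):
        # actor is whoever triggered it: resource owner, client (RFC 7009), admin, backend job
        rec = self._tokens.get(token)
        if rec and not rec.revoked_by:
            rec.revoked_by = actor

    def introspect(self, token, now=None):
        now = int(time.time()) if now is None else now
        rec = self._tokens.get(token)
        inactive = (
            rec is None                        # unknown token
            or rec.issuer != ISSUER            # not issued by this AS
            or bool(rec.revoked_by)            # revoked, by anyone
            or not (rec.nbf <= now < rec.exp)  # outside validity window
        )
        if inactive:
            return {"active": False}  # no reason, no actor, no other claims
        return {"active": True, "client_id": rec.client_id,
                "scope": rec.scope, "exp": rec.exp}

def demo():
    store = TokenStore()
    for name in ("t_ro", "t_client", "t_admin", "t_ok"):
        store.issue(name, "client-1", "read", nbf=1000, exp=2000)
    store.revoke("t_ro", "resource_owner")
    store.revoke("t_client", "client")
    store.revoke("t_admin", "admin")
    return {n: store.introspect(n, now=1500) for n in ("t_ro", "t_client", "t_admin", "t_ok", "unknown")}
```

RFC 7662 Section 2.2 also says the authorization server SHOULD NOT include additional information about an inactive token, including why it is inactive, which is why `revoked_by` stays in the audit record only.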