[OAUTH-WG] Fwd: New Version Notification for draft-meyerzuselhausen-oauth-iss-auth-resp-02.txt

Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de> Tue, 17 November 2020 11:48 UTC

To: oauth@ietf.org
From: Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de>
Date: Tue, 17 Nov 2020 12:47:49 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/XGIyzk2sC129ZUEG4oTvE9HaAjo>

Hi all,

thank you for your valuable feedback on the last draft version. Daniel 
and I tried to address all comments in the new version.

Changes in -02:

  * Incorporated WG feedback
  * Clarifications for unique issuer identifier
  * Clarifications when multiple issuer identifiers could be present
  * Added note that iss parameter MUST NOT be used with JARM
  * Added note on error responses and example for error response
  * Editorial changes


We would like to ask you for further feedback and comments on the new 
draft version.

Best regards,
Karsten


-------- Forwarded Message --------
Subject: 	New Version Notification for draft-meyerzuselhausen-oauth-iss-auth-resp-02.txt
Date: 	Tue, 17 Nov 2020 03:42:02 -0800
From: 	internet-drafts@ietf.org
To: 	Karsten zu Selhausen <karsten.meyerzuselhausen@hackmanit.de>, Daniel Fett <mail@danielfett.de>, Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de>

A new version of I-D, draft-meyerzuselhausen-oauth-iss-auth-resp-02.txt
has been successfully submitted by Karsten Meyer zu Selhausen and posted to the
IETF repository.

Name: draft-meyerzuselhausen-oauth-iss-auth-resp
Revision: 02
Title: OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response
Document date: 2020-11-17
Group: Individual Submission
Pages: 10
URL: https://www.ietf.org/archive/id/draft-meyerzuselhausen-oauth-iss-auth-resp-02.txt
Status: https://datatracker.ietf.org/doc/draft-meyerzuselhausen-oauth-iss-auth-resp/
Html: https://www.ietf.org/archive/id/draft-meyerzuselhausen-oauth-iss-auth-resp-02.html
Htmlized: https://tools.ietf.org/html/draft-meyerzuselhausen-oauth-iss-auth-resp-02
Diff: https://www.ietf.org/rfcdiff?url2=draft-meyerzuselhausen-oauth-iss-auth-resp-02

Abstract:
This document specifies a new parameter "iss" that is used to
explicitly include the issuer identifier of the authorization server
in the authorization response of an OAuth authorization flow. If
implemented correctly, the "iss" parameter serves as an effective
countermeasure to "mix-up attacks".



Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


-- 
Karsten Meyer zu Selhausen
IT Security Consultant
Phone:	+49 (0)234 / 54456499
Web:	https://hackmanit.de | IT Security Consulting, Penetration Testing, Security Training

Join our next live online training on the security of OAuth and OpenID Connect on 27.01 + 28.01.2021:
https://www.hackmanit.de/de/schulungen/127-live-online-schulung-single-sign-on-sicherheit-oauth-openid-connect-am-27-01-28-01-2021

Hackmanit GmbH
Universitätsstraße 60 (Exzenterhaus)
44789 Bochum

Registration court: Amtsgericht Bochum, HRB 14896
Managing directors: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. Christian Mainka, Dr. Marcus Niemietz
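
The client-side check that the abstract's "iss" parameter makes possible, as an added example that is not part of the original message or of the draft: the client remembers which authorization server each request went to and refuses any response, success or error, whose "iss" names a different issuer. The function and exception names, the `pending` store, the sample URLs and the policy of rejecting a response without "iss" are assumptions made for this sketch.

```python
from urllib.parse import urlsplit, parse_qs


class AuthorizationResponseError(Exception):
    """Raised when an authorization response must not be processed."""


def check_authorization_response(redirect_url, pending):
    """Validate "iss" in an authorization response before using any other field.

    pending maps each outstanding state value to the issuer identifier of the
    authorization server the request was sent to (constructed client storage).
    Returns the single-valued response parameters on success.
    """
    query = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)
    # A repeated parameter is ambiguous, so refuse rather than pick one value.
    repeated = [name for name, values in query.items() if len(values) > 1]
    if repeated:
        raise AuthorizationResponseError(f"repeated parameter: {repeated[0]}")
    params = {name: values[0] for name, values in query.items()}

    expected = pending.get(params.get("state"))
    if expected is None:
        raise AuthorizationResponseError("unknown or missing state")
    # Assumption: every configured server sends "iss", so absence is a failure.
    if "iss" not in params:
        raise AuthorizationResponseError("iss missing")
    # Exact string comparison: no normalisation, no prefix or host matching.
    if params["iss"] != expected:
        raise AuthorizationResponseError("iss does not match expected issuer")
    del pending[params["state"]]  # state is single-use
    return params  # may hold "code" or "error"; both are now attributable


# Constructed sample data: the flow was started at honest.as.example.
SAMPLE_PENDING = {"st-1": "https://honest.as.example"}
SAMPLE_OK = "https://client.example/cb?code=abc&state=st-1&iss=https%3A%2F%2Fhonest.as.example"
SAMPLE_MIXED = "https://client.example/cb?code=abc&state=st-1&iss=https%3A%2F%2Fother.as.example"

if __name__ == "__main__":
    for url in (SAMPLE_MIXED, SAMPLE_OK):
        try:
            print("accepted:", check_authorization_response(url, SAMPLE_PENDING))
        except AuthorizationResponseError as exc:
            print("rejected:", exc)
```

The check runs before "code" or "error" is read, so an authorization code is never forwarded to a token endpoint chosen on the basis of an unverified response.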