Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Security: OAuth Open Redirector

Antonio Sanso <asanso@adobe.com> Thu, 21 January 2016 06:16 UTC

From: Antonio Sanso <asanso@adobe.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Thu, 21 Jan 2016 06:15:59 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/ZEgWDQlC5525L6c_apCyKK3EL78>
Cc: "oauth@ietf.org" <oauth@ietf.org>

+1 for adoption

On Jan 19, 2016, at 12:47 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> Hi all,
> 
> this is the call for adoption of OAuth 2.0 Security: OAuth Open
> Redirector, see
> https://tools.ietf.org/html/draft-bradley-oauth-open-redirector-02
> 
> Please let us know by Feb 2nd whether you accept / object to the
> adoption of this document as a starting point for work in the OAuth
> working group.
> 
> Note: At the IETF Yokohama we asked for generic feedback about doing
> security work in the OAuth working group and there was very positive
> feedback. However, for the adoption call we need to ask for individual
> documents. Hence, you need to state your view again.
> 
> Ciao
> Hannes & Derek