[OAUTH-WG] Mailing List for submitting OAuth Security and Vulnerability Reports

Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 12 January 2016 15:53 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF2171B2AD5 for <oauth@ietfa.amsl.com>; Tue, 12 Jan 2016 07:53:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D5LfwprVb0ZJ for <oauth@ietfa.amsl.com>; Tue, 12 Jan 2016 07:53:09 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B18B61B2ACB for <oauth@ietf.org>; Tue, 12 Jan 2016 07:52:53 -0800 (PST)
Received: from [192.168.10.141] ([83.65.147.98]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0LzKyn-1a5jWs2sXh-014WK0 for <oauth@ietf.org>; Tue, 12 Jan 2016 16:52:51 +0100
To: "oauth@ietf.org" <oauth@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <56952158.8020509@gmx.net>
Date: Tue, 12 Jan 2016 16:52:56 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="PJ6HfqFdS28J8x0iG5kCa5j9whJAkRGFB"
X-Provags-ID: V03:K0:/0dRG8Pa9SisL88waA3LU89NsxmqIGLCnewK6s+eZUaAOzq8ejp 9GqxeXSB5JPVqq44Rz3+VprizMKZOVq1X+h52eJIbBJhJEIzrDVy7m0Pc+cu9R232oL9q48 VD5WFDMmDjfVC1nf+1/Bwvyzomb00EGGv4gHXmAXqhHPZIqvM7BbKpUy8Tv/WVCewlH7q9W SAWV5KN7IVLoNjpOcVDZw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:R0Pr8c+2Us4=:0UoRKKRF3dBqRN26bMzuNA rVw8E9ElkvO+WiNC47QqMa8/EBYx6a/A0stxaj0lKRaanZLWC31Hjx+V+a9oohSGLAp6TBlem +EFV2x3BApikPvP4OXe5wH1dlrWKp8Ar+HEcp8V/7pXSmkbBT6/Xd5dy8P0XBUihO/lv6cAsy RBduonrEOKoFmJQKBtgtSX1Z+/FmcqgyIIPp/DDfJN27GgDDKdtbtHd9MUowlfOZVRmSfy01B C/7LtfC8YTEAzFibv6Fg0+W8zbz5D7S+EILqNObumSu4ov9OTiyqThsAWG1cPKbl6WKLofHTu 5E5v9jkeq3JLxYqZeAY9zZloKno0EK8paemzwoGuufPsMaKqgihnVSmGwdsAAFspro+pGlSVh oMbQ0hfOmg/g8vPpe8AbNwVv6rASfRjcAL9hkDRdl+iFrgEuBhFlsybCFcKIqAVTFbpeihEuB Xj/pdIaPPU6E5W1wjeZ8IUHPrLNzKchs8/cpDdp1g6uvin54ULOFpLjWyb9RaL31xux3rdVsK fV4zWWefLK8AjPxKnbzeXLfNCYgXdxmyAavoWx3i/dCCuiXa3DAcNrD7qnmhGqulMGNxR/ukg aQI8X23M0nPo186Xp2lpCVIDD5frDNtbxKsDUIhmWL6aX8PoyOWjRv9dwPf1yOcqycgtbV4TK gsse1K0ofpH6uXIMMg9KDbKppithZLBhD+vI2NhYO3h9HP6DgL7PQKGDMJIa0yvKN+F8zbbxU ffte1dZd3I41Ml30mSVLILTTIfCy5fgEJkM2WqyJx7rYHSodbS4PWSgId3U=
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/_3JD6HUHuZTDhATc8YaYPxKtvo8>
Subject: [OAUTH-WG] Mailing List for submitting OAuth Security and Vulnerability Reports
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jan 2016 15:53:11 -0000

Hi all,

you may have seen (from the announcement sent by the secretary) that we
have requested the creation of a new mailing list, namely
<oauth-security-reports AT ietf.org>. We want to use this list as an
"entry point" for others to submit vulnerability reports and other
security problems related to OAuth.

Because of the nature of such reports this list it is not public.

You cannot subscribe to the list yourself. Instead, the OAuth working
group chairs will invite experts to join this list and the number of
persons on that list will be very small.

We will put the information about the mailing list to the OAuth WG page
and advertise it as widely as possible to reach out to security
researchers and other security experts.

Ciao
Hannes & Derek