[OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-03.txt
Brian Campbell <bcampbell@pingidentity.com> Fri, 28 July 2017 18:34 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/aYk3hgiapj33MTWlR99d7X3jW5Q>
A new draft of "Mutual TLS Profile for OAuth 2.0" has been published with the changes listed below based on comments and discussion in Prague.

draft-ietf-oauth-mtls-03 <https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-03>

   o  Introduced metadata and client registration parameter to publish and request support for mutual TLS sender constrained access tokens
   o  Added description of two methods of binding the cert and client, PKI and Public Key.
   o  Indicated that the "tls_client_auth" authentication method is for the PKI method and introduced "pub_key_tls_client_auth" for the Public Key method
   o  Added implementation considerations, mainly regarding TLS stack configuration and trust chain validation, as well as how to do binding of access tokens to a TLS client certificate for public clients, and considerations around certificate bound access tokens
   o  Added new section to security considerations on cert spoofing
   o  Add text suggesting that a new cnf member be defined in the future, if hash function(s) other than SHA-256 need to be used for certificate thumbprints

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Fri, Jul 28, 2017 at 12:25 PM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-03.txt
To: i-d-announce@ietf.org
Cc: oauth@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : Mutual TLS Profile for OAuth 2.0
        Authors         : Brian Campbell
                          John Bradley
                          Nat Sakimura
                          Torsten Lodderstedt
        Filename        : draft-ietf-oauth-mtls-03.txt
        Pages           : 17
        Date            : 2017-07-28

Abstract:
   This document describes Transport Layer Security (TLS) mutual authentication using X.509 certificates as a mechanism for OAuth client authentication to the token endpoint as well as for certificate bound sender constrained access tokens.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-mtls-03
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-03

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
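
The certificate-bound access token check that the change list and abstract refer to, sketched from a resource server's side as an added example (it is not part of the message above or of the draft's text). Assumptions: the member name `x5t#S256` comes from the draft specification rather than from this message, the function names are hypothetical, tokens without a binding are rejected as a local policy choice, and the certificate bytes are constructed stand-ins for DER, not real certificates.

```python
import base64
import hashlib
import hmac
from typing import Optional


def cert_thumbprint_s256(cert_der: bytes) -> str:
    """base64url(SHA-256(DER-encoded certificate)), without '=' padding."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def issue_claims(subject: str, cert_der: bytes) -> dict:
    """Authorization-server side: bind the token to the client's certificate."""
    return {"sub": subject, "cnf": {"x5t#S256": cert_thumbprint_s256(cert_der)}}


def token_bound_to_cert(claims: dict, presented_cert_der: Optional[bytes]) -> bool:
    """Resource-server side: accept the token only when its cnf thumbprint
    matches the certificate presented on this TLS connection."""
    if not presented_cert_der:
        return False  # no client certificate was presented
    cnf = claims.get("cnf")
    if not isinstance(cnf, dict):
        return False  # unbound token; assumed policy is to reject it
    expected = cnf.get("x5t#S256")
    if not isinstance(expected, str):
        # Also covers a cnf that carries only some other member, e.g. one
        # defined later for a different hash function: fail closed.
        return False
    actual = cert_thumbprint_s256(presented_cert_der)
    # Constant-time comparison of the two encoded thumbprints.
    return hmac.compare_digest(expected.encode(), actual.encode())


# Constructed placeholder bytes standing in for two DER certificates.
CLIENT_A_DER = b"constructed-der-bytes-client-a"
CLIENT_B_DER = b"constructed-der-bytes-client-b"

if __name__ == "__main__":
    claims = issue_claims("client-a", CLIENT_A_DER)
    print("same cert:      ", token_bound_to_cert(claims, CLIENT_A_DER))
    print("different cert: ", token_bound_to_cert(claims, CLIENT_B_DER))
    print("no cert:        ", token_bound_to_cert(claims, None))
    print("unbound token:  ", token_bound_to_cert({"sub": "x"}, CLIENT_A_DER))
```
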