Re: [OAUTH-WG] RFC 6819 on OAuth 2.0 Threat Model and Security Considerations
Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 10 January 2013 06:28 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 206B521F869F for <oauth@ietfa.amsl.com>; Wed, 9 Jan 2013 22:28:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6pSN+ocantIH for <oauth@ietfa.amsl.com>; Wed, 9 Jan 2013 22:28:28 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ietfa.amsl.com (Postfix) with ESMTP id B72AF21F8681 for <oauth@ietf.org>; Wed, 9 Jan 2013 22:28:27 -0800 (PST)
Received: from mailout-de.gmx.net ([10.1.76.20]) by mrigmx.server.lan (mrigmx002) with ESMTP (Nemesis) id 0M7FLk-1T5BVc1goQ-00x3te for <oauth@ietf.org>; Thu, 10 Jan 2013 07:28:26 +0100
Received: (qmail invoked by alias); 10 Jan 2013 06:28:26 -0000
Received: from a88-115-219-140.elisa-laajakaista.fi (EHLO [192.168.100.107]) [88.115.219.140] by mail.gmx.net (mp020) with SMTP; 10 Jan 2013 07:28:26 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX18ZuGFVcQwZlEvGAZnw695ghbuttDwohk8axImszN UjioO1iom5YrM2
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset="us-ascii"
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366A097E6@TK5EX14MBXC283.redmond.corp.microsoft.com>
Date: Thu, 10 Jan 2013 08:28:22 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <57457A75-394C-487B-AF54-CB7A0948E703@gmx.net>
References: <20130107214016.94851B1E007@rfc-editor.org> <4E1F6AAD24975D4BA5B168042967394366A097E6@TK5EX14MBXC283.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1085)
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] RFC 6819 on OAuth 2.0 Threat Model and Security Considerations
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jan 2013 06:28:29 -0000
Thanks for the hard work! On Jan 9, 2013, at 11:51 PM, Mike Jones wrote: > Congratulations on this achievement, guys! > > -- Mike > > -----Original Message----- > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of rfc-editor@rfc-editor.org > Sent: Monday, January 07, 2013 1:40 PM > To: ietf-announce@ietf.org; rfc-dist@rfc-editor.org > Cc: oauth@ietf.org; rfc-editor@rfc-editor.org > Subject: [OAUTH-WG] RFC 6819 on OAuth 2.0 Threat Model and Security Considerations > > > A new Request for Comments is now available in online RFC libraries. > > > RFC 6819 > > Title: OAuth 2.0 Threat Model and > Security Considerations > Author: T. Lodderstedt, Ed., > M. McGloin, > P. Hunt > Status: Informational > Stream: IETF > Date: January 2013 > Mailbox: torsten@lodderstedt.net, > mark.mcgloin@ie.ibm.com, > phil.hunt@yahoo.com > Pages: 71 > Characters: 158332 > Updates/Obsoletes/SeeAlso: None > > I-D Tag: draft-ietf-oauth-v2-threatmodel-08.txt > > URL: http://www.rfc-editor.org/rfc/rfc6819.txt > > This document gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification, based on a comprehensive threat model for the OAuth 2.0 protocol. This document is not an Internet Standards Track specification; it is published for informational purposes. > > This document is a product of the Web Authorization Protocol Working Group of the IETF. > > > INFORMATIONAL: This memo provides information for the Internet community. > It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. > > This announcement is sent to the IETF-Announce and rfc-dist lists. > To subscribe or unsubscribe, see > http://www.ietf.org/mailman/listinfo/ietf-announce > http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist > > For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html. > For downloading RFCs, see http://www.rfc-editor.org/rfc.html. > > Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. > > > The RFC Editor Team > Association Management Solutions, LLC > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] RFC 6819 on OAuth 2.0 Threat Model and… rfc-editor
- Re: [OAUTH-WG] RFC 6819 on OAuth 2.0 Threat Model… Mike Jones
- Re: [OAUTH-WG] RFC 6819 on OAuth 2.0 Threat Model… Hannes Tschofenig
- Re: [OAUTH-WG] RFC 6819 on OAuth 2.0 Threat Model… Torsten Lodderstedt