Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Security: OAuth Open Redirector

Mike Jones <Michael.Jones@microsoft.com> Thu, 04 February 2016 06:25 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65AC21A9109 for <oauth@ietfa.amsl.com>; Wed, 3 Feb 2016 22:25:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u_X2dOBhL9Uc for <oauth@ietfa.amsl.com>; Wed, 3 Feb 2016 22:25:40 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0751.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::751]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B28E41A9100 for <oauth@ietf.org>; Wed, 3 Feb 2016 22:25:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=vx+Az//vsynXeAnKiviACOu+VHsFgmIp+g2EDJNyfRw=; b=SFf5Zu9j3F3g7LWPBIO11hcefSqn3wW8vfaQHT9Z3NPDnzbYsfDwNw7hDMpIcMffsouRISSvgGFpWA+klH6tlO/NCKM3QMHd3jy3lZF42RqkC4kVYzjQdYLgAUQDI3GiUyuvGhG8bYx6lG2Qo43QPY+ZxuB4rMXswdx7t2RJX6Y=
Received: from BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) by BY2PR03MB443.namprd03.prod.outlook.com (10.141.141.152) with Microsoft SMTP Server (TLS) id 15.1.396.15; Thu, 4 Feb 2016 06:25:18 +0000
Received: from BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) by BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) with mapi id 15.01.0396.020; Thu, 4 Feb 2016 06:25:18 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Call for Adoption: OAuth 2.0 Security: OAuth Open Redirector
Thread-Index: AQHRUq89SU72pIQFX0SzljfYyrJnBp8bhBng
Date: Thu, 4 Feb 2016 06:25:18 +0000
Message-ID: <BY2PR03MB442FAFCF5D669C0E584B6FFF5D10@BY2PR03MB442.namprd03.prod.outlook.com>
References: <569E2260.4080904@gmx.net>
In-Reply-To: <569E2260.4080904@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmx.net; dkim=none (message not signed) header.d=none;gmx.net; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [50.47.85.157]
x-ms-office365-filtering-correlation-id: 2bc69cb8-ece0-473e-84a5-08d32d2bf3e8
x-microsoft-exchange-diagnostics: 1; BY2PR03MB443; 5:1Ykp1eH4iAFz4ik+jwzSUsk6qgpiiQkC7C4WNHVLj17erdQw+xnwwK4osE5pVqw9e+3jlo4hXqJzEutLHyVw98LzS3ZL0Jcg9FVEjLQNphISeJy8s39Q5hpDamHdEvc4Vn6FwLmAl0eA4ud8hci4bQ==; 24:dkAe5myjCSXeLQMeWHSujq7zu7KBJ4sXciFEknwtgYbqFvmSGnUX4MGL/19GLzaR4yKKContx+eM0TEzT65kD+AmyDLMpeO/L0GbCG41VUc=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB443;
x-microsoft-antispam-prvs: <BY2PR03MB4432D37D2B29A6471FFD3DFF5D10@BY2PR03MB443.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(61426038)(61427038); SRVR:BY2PR03MB443; BCL:0; PCL:0; RULEID:; SRVR:BY2PR03MB443;
x-forefront-prvs: 084285FC5C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377454003)(13464003)(53754006)(10090500001)(19580395003)(5001770100001)(2501003)(5003600100002)(40100003)(66066001)(19580405001)(74316001)(99286002)(33656002)(5004730100002)(5002640100001)(76576001)(106116001)(86612001)(50986999)(586003)(92566002)(2900100001)(3660700001)(11100500001)(76176999)(77096005)(15975445007)(87936001)(5008740100001)(2906002)(1096002)(5005710100001)(107886002)(189998001)(1220700001)(10290500002)(3280700002)(2950100001)(3846002)(86362001)(122556002)(6116002)(102836003)(10400500002)(54356999)(5001960100002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB443; H:BY2PR03MB442.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Feb 2016 06:25:18.5817 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB443
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/c94woWf54GJH8tN8Jg8oL1YrG0A>
Subject: Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Security: OAuth Open Redirector
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 06:25:42 -0000

I support adoption of this document by the working group.

				-- Mike

-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Tuesday, January 19, 2016 3:48 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Call for Adoption: OAuth 2.0 Security: OAuth Open Redirector

Hi all,

this is the call for adoption of OAuth 2.0 Security: OAuth Open Redirector, see
https://tools.ietf.org/html/draft-bradley-oauth-open-redirector-02

Please let us know by Feb 2nd whether you accept / object to the adoption of this document as a starting point for work in the OAuth working group.

Note: At the IETF Yokohama we asked for generic feedback about doing security work in the OAuth working group and there was very positive feedback. However, for the adoption call we need to ask for individual documents. Hence, you need to state your view again.

Ciao
Hannes & Derek