Re: [OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-dpop-01.txt

Brian Campbell <bcampbell@pingidentity.com> Sat, 02 May 2020 12:15 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD58E3A0FD7 for <oauth@ietfa.amsl.com>; Sat, 2 May 2020 05:15:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vI6LwzkKd2gz for <oauth@ietfa.amsl.com>; Sat, 2 May 2020 05:15:08 -0700 (PDT)
Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BDD03A0FED for <oauth@ietf.org>; Sat, 2 May 2020 05:15:07 -0700 (PDT)
Received: by mail-lf1-x12f.google.com with SMTP id l11so5836921lfc.5 for <oauth@ietf.org>; Sat, 02 May 2020 05:15:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=zpREfhF5FI9rTUTIkU5IQUH9OfvKuZhh6P9xFlAwMlg=; b=Ul8+fGneHMLstUl/uINRt0Fo02hOhPA63h98n4wNSs3G++NIQ0OIcO+yp7xo4ykY7+ 6m7uvzUQEwQ4qqVH3ncfz+ew3+YY6l5QcJYp/hM4HCiKCu3On5kIXrY9U+jCoYDnZdms yzSvMBcR6fLtDzYdjVKlyewzeRB2n+1qoi8nkOeW3M4De8fTv0R4iAJ8mw3FhQV9pVXf ztog9VgXOVz/ZSF5T2TZVd8b7e3uKjq2t2NE0AhGunAEoN88NoNfqD+o/BKS+LsLRe1t E8gLO6ykDI9LRa+QaooZVjP4SfC4u5Qkekyts5+feagisd93VI7UzPUqGHI1KkIOti+k NtPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=zpREfhF5FI9rTUTIkU5IQUH9OfvKuZhh6P9xFlAwMlg=; b=pcYIwp10X3u4RbAqDIu68nyFGIxqRLvHt9Ya28vGBhxGGafVw8NeWLGcuOf3gsj7Wh O6GkBDdjNRYxr1zHghtCep/Fu73RmdN8wrx0LNb611YUK7Mlnse/nrmJehRHBSwj3xkD ac/R5x/GGbE1I7iIhZpqokb870tOy2NyDcNmgFVDnhKlEJnuWYjiUjTSoXuiyk0nlBl/ QxxSxI8HM7pPK7qBkR2nLVckvkE7t8upzeo4IzMlPBPJnUoujf42ABVpKMLndP7wtLZg 7Z7lYuvD+1VORXjxxgm/yxugNhC0LeqFo19dgyri3GwoMLqJy76zKc1Z4WiDOwObwkta BFqw==
X-Gm-Message-State: AGi0Pubk/oaDDbxPth040WFEqfnr0otR+e+f3eB/pBRjw7yu4Ad5SpuL jBJpJQI7ViOhQKTWLdt+EpzlnRiZssMqsh7TPr5RnzGkfyF+uQfhaGETAZdE75Ufl5AMrAwx7yA buLFJEK4O3ZW7HdS1BUI=
X-Google-Smtp-Source: APiQypIselgdxxNlDYNj+Qbp2p43qTamP5uySGa1CCAXvxWwtQd3eKBa6dhfUJ3H0wPdcHaro+5JPc5whDW3pDT1AQo=
X-Received: by 2002:a05:6512:48d:: with SMTP id v13mr5373421lfq.196.1588421706099; Sat, 02 May 2020 05:15:06 -0700 (PDT)
MIME-Version: 1.0
References: <158835743733.12112.7484502726888997082@ietfa.amsl.com> <CA+k3eCQTVqX8wv6-4vX9=0LQZ8wQO+43kiESAM4ChriM=eHUVA@mail.gmail.com> <d210457f-ff4b-f26e-22ba-5e835dd3e7d5@free.fr>
In-Reply-To: <d210457f-ff4b-f26e-22ba-5e835dd3e7d5@free.fr>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Sat, 2 May 2020 06:14:39 -0600
Message-ID: <CA+k3eCQzYUkBoGHdiX-a2hwAE6r_+6qJaVDNU4EetpPWsp5QFQ@mail.gmail.com>
To: Denis <denis.ietf@free.fr>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008bc3c205a4a93f70"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/dHbpad-gorsk7S5BsNzvIi1Zpdw>
Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-dpop-01.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 May 2020 12:15:12 -0000

There was a link to the meeting info in an email I sent to the list earlier
in the day:
https://mailarchive.ietf.org/arch/msg/oauth/hpfcCk9EHKkOmruBN5VZwoyW9WQ/

Also https://datatracker.ietf.org/meeting/upcoming is the “official page”
of upcoming meetings (OAuth, or otherwise) that has webex and other info on
all secluded upcoming meetings.


On Sat, May 2, 2020 at 2:14 AM Denis <denis.ietf@free.fr> wrote:

> Hello Brian,
>
> I browsed through the received emails but I could not find the information
> about how to join the Monday interim meeting.
>
> Would you be able to send it or to recall it to the list ?
>
> Thanks,
>
> Denis
>
> I've pushed out a -01 revision of DPoP hopefully allowing folks enough
> time to read it before the interim meeting on Monday
> (apologies that it wasn't sooner but the edits took longer than expected
> or hoped). For ease of reference the changes in this revision
> are summarized below. There are, of course, still outstanding issues and
> discussion points that I hope to make some progress
> on during the interim meeting on Monday.
>
>    -01
>
>    *  Editorial updates
>    *  Attempt to more formally define the DPoP Authorization header
>       scheme
>    *  Define the 401/WWW-Authenticate challenge
>    *  Added "invalid_dpop_proof" error code for DPoP errors in token
>       request
>    *  Fixed up and added to the IANA section
>    *  Added "dpop_signing_alg_values_supported" authorization server
>       metadata
>    *  Moved the Acknowledgements into an Appendix and added a bunch of
>       names (best effort)
>
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf..org <internet-drafts@ietf.org>>
> Date: Fri, May 1, 2020 at 12:24 PM
> Subject: New Version Notification for draft-ietf-oauth-dpop-01.txt
> To: Torsten Lodderstedt <torsten@lodderstedt.net>et>, David Waite <
> david@alkaline-solutions.com>gt;, John Bradley <ve7jtb@ve7jtb.com>om>, Brian
> Campbell <bcampbell@pingidentity.com>om>, Daniel Fett <mail@danielfett.de>de>,
> Michael Jones <mbj@microsoft.com>
>
>
>
> A new version of I-D, draft-ietf-oauth-dpop-01.txt
> has been successfully submitted by Brian Campbell and posted to the
> IETF repository.
>
> Name:           draft-ietf-oauth-dpop
> Revision:       01
> Title:          OAuth 2.0 Demonstration of Proof-of-Possession at the
> Application Layer (DPoP)
> Document date:  2020-05-01
> Group:          oauth
> Pages:          22
> URL:
> https://www.ietf.org/internet-drafts/draft-ietf-oauth-dpop-01.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
> Htmlized:       https://tools.ietf.org/html/draft-ietf-oauth-dpop-01
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dpop-01
>
> Abstract:
>    This document describes a mechanism for sender-constraining OAuth 2.0
>    tokens via a proof-of-possession mechanism on the application level.
>    This mechanism allows for the detection of replay attacks with access
>    and refresh tokens.
>
>
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited..
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*
>
> _______________________________________________
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
>
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._