Re: [OAUTH-WG] JOSE/JWT Security Update Presentation
Dick Hardt <dick.hardt@gmail.com> Fri, 31 March 2017 15:16 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8F6A1243FE for <oauth@ietfa.amsl.com>; Fri, 31 Mar 2017 08:16:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TUjevVhCyiLH for <oauth@ietfa.amsl.com>; Fri, 31 Mar 2017 08:16:41 -0700 (PDT)
Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 642F9129506 for <oauth@ietf.org>; Fri, 31 Mar 2017 08:16:41 -0700 (PDT)
Received: by mail-qk0-x22d.google.com with SMTP id d201so39651732qkc.0 for <oauth@ietf.org>; Fri, 31 Mar 2017 08:16:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RXjfnHAFje1q+rfQWKF9ljyFnOG9FGVsa7+c/zsedKI=; b=pyfpPtKfbCiSRoRQaLdoZxX4s/tLmUG+7kX6bzbZFChimfkvBqG+96zFRSLaNcX9nX UAfaNiUOzhss7JdBH249cZxepHj8fQD+rTaIniIF0nlxrtfoaSXJ8AgBTpYWJS+3+8M+ Z/PEvnAaqhPSmjfn+R0rqsqIK6XjGjPZMNFam0Wdy42AR4whvzzCO7qPjWAJpl0Qzxul da8dzX4Ssi1jquj2Zqhy1AI0UU89mwIWHWDCjQfQ0LVTNJkXvmi4rVUaEpyQgIeTWpOd VJQuj5TiNqWHbYY7TaxKMymlwLo3J2dyRPj4JJWPRcgVqFw3soWNJi6RqC6mniEwNMwI NdkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RXjfnHAFje1q+rfQWKF9ljyFnOG9FGVsa7+c/zsedKI=; b=ILJBfxXdZ0EYsB21gg66szOu6s7q23OJ3Pt/SSqlljjMuwHfZZobKROrJXA8i0c8Xu X134IRHeM0ez+jBSIAh/2MNzto2xrWLj4cSEToMQD6jT+ZVwoGAWBB5yPikHbNM5lwez 75L3okYB+Dq1qpXTPd7aKk/mR2d2SNKuQiEdhcYlpzjuClU2P7/sPqpo4cdbyUUJTMS3 cbh+6w5Cssr+zB0crFdpwJ0A6wWDzcIWcfwQPJ+rMtr4xylNrVJGiy1M1NMU32Y7n3ht YMLecyTnJFSTXwrKSeQbYdyggnFg0D//2VOK42BTTlPW1x8kkdXdRZ0jLOEyoX9pHNcA EntQ==
X-Gm-Message-State: AFeK/H0XZDoDn1DcYXEio4XVviRXqe0E0YA/UeJmgcdSoXqMRCNEKvv+YULksxhW7stXHznXMds9cXz7UQfq4g==
X-Received: by 10.55.75.70 with SMTP id y67mr2312956qka.153.1490973400489; Fri, 31 Mar 2017 08:16:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.200.46.230 with HTTP; Fri, 31 Mar 2017 08:16:19 -0700 (PDT)
In-Reply-To: <CAP-T6TT3ZybhMALD9B=pTq0w8dADeTBZpGqmUSzEwcO6criR5A@mail.gmail.com>
References: <CY4PR21MB0504F95D0B36D852BEF0AE9BF5350@CY4PR21MB0504.namprd21.prod.outlook.com> <CAP-T6TT3ZybhMALD9B=pTq0w8dADeTBZpGqmUSzEwcO6criR5A@mail.gmail.com>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Fri, 31 Mar 2017 10:16:19 -0500
Message-ID: <CAD9ie-vJJczdNVfqGcrYzwDQb-Lt+r-WnxiTLkG_aPAWc2KFTQ@mail.gmail.com>
To: Dave Tonge <dave.tonge@momentumft.co.uk>
Cc: Mike Jones <Michael.Jones@microsoft.com>, Oauth Wrap Wg <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="001a114a9c18e806ac054c084b0b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/dNSdJSSdNMxmjlyVqGIEThehhrs>
Subject: Re: [OAUTH-WG] JOSE/JWT Security Update Presentation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Mar 2017 15:16:44 -0000
Mike, Yaron Cheffer and myself have volunteered to write a JWT BCP. It is a topic on the agenda in the OAuth meeting currently underway. On Fri, Mar 31, 2017 at 9:58 AM, Dave Tonge <dave.tonge@momentumft.co.uk> wrote: > Thanks Mike > > I agree with all the next steps, we need some articles to help combat the > FUD that is being spread. > Is there any action on who will write those articles? > > Dave > > On 29 March 2017 at 21:08, Mike Jones <Michael.Jones@microsoft.com> wrote: > >> Yaron Sheffer had asked me to give an update on JOSE/JWT security to the >> SecEvent working group. As promised during our working group meeting >> Monday, that presentation is attached. At the microphone, Kathleen >> suggested that we may want to collect information about best practices for >> implementers and deployers and write a BCP containing them. She said that >> JWT is being used in many places in the IETF at this point. >> >> >> >> -- Mike >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >> > > > -- > Dave Tonge > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > -- Subscribe to the HARDTWARE <http://hardtware.com/> mail list to learn about projects I am working on!