Re: [OAUTH-WG] DPoP followup III: client auth

Neil Madden <neil.madden@forgerock.com> Thu, 03 December 2020 11:03 UTC

From: Neil Madden <neil.madden@forgerock.com>
Message-Id: <BD66D8B2-C37C-43D9-B3D5-72E52146AF97@forgerock.com>
Date: Thu, 03 Dec 2020 11:03:14 +0000
In-Reply-To: <CA+k3eCQjCjbcHxmTFn_Ce1aQ-gn31mAXNp9PGp7d6mXkfyDWPA@mail.gmail.com>
Cc: oauth <oauth@ietf.org>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
References: <CA+k3eCQjCjbcHxmTFn_Ce1aQ-gn31mAXNp9PGp7d6mXkfyDWPA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/eDwx_UYsoPINEI9rU4TYTmawi7w>
Subject: Re: [OAUTH-WG] DPoP followup III: client auth

I like the last option :-)

> On 2 Dec 2020, at 22:29, Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org> wrote:
> 
> There were a few items discussed somewhat during the recent interim <https://datatracker.ietf.org/meeting/interim-2020-oauth-16/session/oauth> that I committed to bringing back to the list. The slide below (also available with a few extra spelling errors as slide #19 from the interim presentation <https://datatracker.ietf.org/meeting/interim-2020-oauth-16/materials/slides-interim-2020-oauth-16-sessa-dpop-01.pdf>) is the last of them.
> 
> To summarize, I'm wondering if there's WG interest in working to formalize a client-to-AS authentication mechanism based on DPoP. I think it potentially would be problematic to put into the current document (for a number of reasons) so am preemptively ruling out that option. Thus, basically, I'm asking the WG if there is some/much interest in the idea? In which case I'll find some time (at some point) to write up an I-D for it and bring that back to the group for consideration. Or if I should, as the slide says, "shut up and never speak of this again"?
> 
> <Slide19.jpeg>
> 
