[OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-dpop-03.txt

Brian Campbell <bcampbell@pingidentity.com> Wed, 07 April 2021 20:30 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07CF23A2891 for <oauth@ietfa.amsl.com>; Wed, 7 Apr 2021 13:30:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rIkm2rE40fvM for <oauth@ietfa.amsl.com>; Wed, 7 Apr 2021 13:30:12 -0700 (PDT)
Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 594483A288B for <oauth@ietf.org>; Wed, 7 Apr 2021 13:30:12 -0700 (PDT)
Received: by mail-lf1-x136.google.com with SMTP id r8so156029lfp.10 for <oauth@ietf.org>; Wed, 07 Apr 2021 13:30:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=pTfGUZfCgF5Jz1giUJand53gWAAI//265kjzGz8Nt04=; b=egRKKZuzb6lbE4pu/fFAzaQI7MUyjnZ2hqn7kMqz9bJ1/UJTlfXt9Um7SbY59F69Xf ViEv8oSCgCmvqO5/tEu+ye15flrViD/6oRq4vp3kJxeAGkOyMIrIKewcDTY2kE4k7VQm hrX1B6UX3kwb5/fecWGjYm3T9pvmxYf3W2eM31cesKZwVPOjdwQy6Cm4jB+mE3XDp3s1 rGi1wQb1PkxEjFAYj1bMxMvsIWeYr6ns9pvDs8wqKjsA++1NmJBNCTNxXmTh6zEgbJCv h4pdCllM7HGjArRgKsDo+GI/uN8JmwP1twu0+lYdwhYshO6bFkthXhvY3SSbdqhk7FY/ hMFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=pTfGUZfCgF5Jz1giUJand53gWAAI//265kjzGz8Nt04=; b=bPM7CoWSvu82ijt0ZfBsYg52IkvGFAprmSNTRpINbewm1Q12XUdgo1FIYBQkJ2aEzD cSZ0vFoNZCI6gmidPOq33e4uomN3zG3espThX2c4Ez6ezDS/Ar1cfm/Kca92CsOFNfbH WlROfLUKTpRqziM1NzKDf4qBo6VTwWKeLRAUKu41uXCQERMAdajSXFPbZNfi+EmVERec QUO+9vNV7mYh1F7HjZhcFuDLXSDouS1NXHILSO9R5l/JQUM1F97iuQ0hD7QdWmJemJfT +OzfDCWSE03sZzVWdVFnQqQ1nafubbVKgiLL9j9ZoNrze+9pUmH2DJWLSadSOtH7/BIr kylA==
X-Gm-Message-State: AOAM532j6Py3Cf/ysBcOCJ3udOunUVHwlcvlNWgbc4kozfn1NK5/7+IE dJqOoeUlw2oS7jy59SnNF9h98Hn+upRE3a+V3p0rM8Y48LckgnisL+43s+kzFkyDOpRjMeCJbCF u6IoUh11MpxHFPhiyHSVeKw==
X-Google-Smtp-Source: ABdhPJy/1HyqYybGu0byi2H5o9jilW4vJqVodfuItf7XLJ70gnsqdv07IFdcbqy+DyfOyblp93wUs0ebtJhAxyr3tFg=
X-Received: by 2002:ac2:442a:: with SMTP id w10mr3627457lfl.657.1617827409416; Wed, 07 Apr 2021 13:30:09 -0700 (PDT)
MIME-Version: 1.0
References: <161782660036.10351.46460390355713291@ietfa.amsl.com>
In-Reply-To: <161782660036.10351.46460390355713291@ietfa.amsl.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 7 Apr 2021 14:29:43 -0600
Message-ID: <CA+k3eCT+rU+3bq_EbhRk9dL1Oq5zMgBcO9SHuR_hN6N=4wcABQ@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000befe505bf67cce4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/eOsDavEsexf_gKAF7GRklhZoWSg>
Subject: [OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-dpop-03.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Apr 2021 20:30:17 -0000

A new revision of DPoP has been published. The doc history snippet is
copied below. The main change here is the addition of an access token hash
claim.

   -03

   *  Add an access token hash ("ath") claim to the DPoP proof when used
      in conjunction with the presentation of an access token for
      protected resource access

   *  add Untrusted Code in the Client Context section to security
      considerations

   *  Editorial updates and fixes

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Wed, Apr 7, 2021 at 2:16 PM
Subject: New Version Notification for draft-ietf-oauth-dpop-03.txt


A new version of I-D, draft-ietf-oauth-dpop-03.txt
has been successfully submitted by Brian Campbell and posted to the
IETF repository.

Name:           draft-ietf-oauth-dpop
Revision:       03
Title:          OAuth 2.0 Demonstrating Proof-of-Possession at the
Application Layer (DPoP)
Document date:  2021-04-07
Group:          oauth
Pages:          32
URL:            https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-03.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
Html:
https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-03.html
Htmlized:       https://tools.ietf.org/html/draft-ietf-oauth-dpop-03
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dpop-03

Abstract:
   This document describes a mechanism for sender-constraining OAuth 2.0
   tokens via a proof-of-possession mechanism on the application level.
   This mechanism allows for the detection of replay attacks with access
   and refresh tokens.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._