Re: [OAUTH-WG] Mailing List for submitting OAuth Security and Vulnerability Reports

Aaron Parecki <aaron@parecki.com> Tue, 12 January 2016 16:44 UTC

Return-Path: <aaron@parecki.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7408A1B2B1C for <oauth@ietfa.amsl.com>; Tue, 12 Jan 2016 08:44:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5CQvlWEI0nr9 for <oauth@ietfa.amsl.com>; Tue, 12 Jan 2016 08:44:04 -0800 (PST)
Received: from mail-pf0-x22d.google.com (mail-pf0-x22d.google.com [IPv6:2607:f8b0:400e:c00::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91AAE1B2B1B for <oauth@ietf.org>; Tue, 12 Jan 2016 08:44:04 -0800 (PST)
Received: by mail-pf0-x22d.google.com with SMTP id 65so65412605pff.2 for <oauth@ietf.org>; Tue, 12 Jan 2016 08:44:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=parecki-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=yXRvyb0A1fbFFl6k4N/tnycIyP34ljrDj4MUg67q0lE=; b=bJZesN/ns0GMFIuZwNFYa1J4qCMKBBAzKLD8uvlCKQErqTzCvKqDf5aCX9MR73/y7v 5hoHaKvGa6qHw/03V83reHa0UPFhf+XTTxU+rnMXx4GDSEXYpmdnC2s6f1nZ+rJNZvjb TZuv0GJIfTmMFTDCW1jtg8cIpIalN+mjb+b8P4lzhQ6HxXla7z/jQJ23nnHgHdLOyTWX xuiausnhUxZrPu6haDruPrXuxA6ZwBDf7GDmRP3E1Miiair4GiczRm3rZVoE+/NcFwyc eLyMNuesPX+yg+6blGpH7x1i7kSF4is/IamPrpoRjTdb771Rf8aJNWkA39exTcixKZ4D ccfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=yXRvyb0A1fbFFl6k4N/tnycIyP34ljrDj4MUg67q0lE=; b=EUQ58ewSj0Iwoif3Wn9L1/u2Y3MQzHs/XGClNYj1noKc+mIBxLwm1QeNvMjfhRZK+W 12UqlAEg+0AEerLI/48qe5CiOFvaBsaIaGpI8B/U26psMPP6pD2UakZLoySClIdlx1Ep t9xVJ7NXBm3fVXVSX7zPoMs5Cl9bJSKxLTzGhSGTnBVLleyEMdrQDsP/a4QXkjzrL9eE OGGWWqdtTZ3uvPLA+JphzwiNBB/ZbB8VPbnIOQjDqkAPI/z6Bh9N13GUfLYTUoqinVKw C9lAWgWbMyDsFRPQb2EkNfUzPPzYYwxnIH/uLZYvRLCr4BT2RIl+CBN0YcV8PH48cVTy 5kRA==
X-Gm-Message-State: ALoCoQliAqyxJ/N1/rgVWPcDItjL5HbWpLBdakOgEEt3fUO8NrvIPexrmjxGJK8APD3XvHgKwgGzwseo892t8dPPlMuhD74j6g==
X-Received: by 10.98.12.213 with SMTP id 82mr35113059pfm.116.1452617044176; Tue, 12 Jan 2016 08:44:04 -0800 (PST)
Received: from mail-pf0-f171.google.com (mail-pf0-f171.google.com. [209.85.192.171]) by smtp.gmail.com with ESMTPSA id dg1sm194076176pad.18.2016.01.12.08.44.03 for <oauth@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Tue, 12 Jan 2016 08:44:03 -0800 (PST)
Received: by mail-pf0-f171.google.com with SMTP id e65so65615667pfe.0 for <oauth@ietf.org>; Tue, 12 Jan 2016 08:44:03 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.98.0.212 with SMTP id 203mr11043021pfa.143.1452617043374; Tue, 12 Jan 2016 08:44:03 -0800 (PST)
Received: by 10.66.50.69 with HTTP; Tue, 12 Jan 2016 08:44:03 -0800 (PST)
In-Reply-To: <56952158.8020509@gmx.net>
References: <56952158.8020509@gmx.net>
Date: Tue, 12 Jan 2016 08:44:03 -0800
X-Gmail-Original-Message-ID: <CAGBSGjqSegtS5PW+Y54iw7Vpyhjo3jiqeo6wvJFQ-YpSpogZYQ@mail.gmail.com>
Message-ID: <CAGBSGjqSegtS5PW+Y54iw7Vpyhjo3jiqeo6wvJFQ-YpSpogZYQ@mail.gmail.com>
From: Aaron Parecki <aaron@parecki.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: multipart/alternative; boundary=001a11438c5cdd8135052925c259
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/gr5VBmWPRuzl9yIcERfo7If_Og8>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mailing List for submitting OAuth Security and Vulnerability Reports
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jan 2016 16:44:06 -0000

If you send me a short sentence I can add a note on the oauth.net site with
this information as well.

----
Aaron Parecki
aaronparecki.com
@aaronpk <http://twitter.com/aaronpk>


On Tue, Jan 12, 2016 at 7:52 AM, Hannes Tschofenig <
hannes.tschofenig@gmx.net>; wrote:

> Hi all,
>
> you may have seen (from the announcement sent by the secretary) that we
> have requested the creation of a new mailing list, namely
> <oauth-security-reports AT ietf.org>. We want to use this list as an
> "entry point" for others to submit vulnerability reports and other
> security problems related to OAuth.
>
> Because of the nature of such reports this list it is not public.
>
> You cannot subscribe to the list yourself. Instead, the OAuth working
> group chairs will invite experts to join this list and the number of
> persons on that list will be very small.
>
> We will put the information about the mailing list to the OAuth WG page
> and advertise it as widely as possible to reach out to security
> researchers and other security experts.
>
> Ciao
> Hannes & Derek
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>