Re: [OAUTH-WG] Review Comments for draft-ietf-oauth-proof-of-possession-02

Mike Jones <Michael.Jones@microsoft.com> Thu, 20 August 2015 00:41 UTC

To: Nat Sakimura <sakimura@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/hhYMPAqPFCaZOoGckkf31IUo_2g>
Cc: oauth <oauth@ietf.org>

Privacy Consideration
========================
It is missing a privacy consideration. It is not required per se, but since the Key Confirmation method with an ephemeral key can be less privacy intrusive compared to other sender confirmation methods, adding some text around it may be a good idea.

Can you supply some specific proposed text for -04?

When do you expect -04?
Depending on it, I may be able to.

I expect to work on this on my Friday morning – 1.5 days from now.

                                                                Best wishes,
                                                                -- Mike