Re: [OAUTH-WG] JOSE/JWT Security Update Presentation

Dave Tonge <dave.tonge@momentumft.co.uk> Fri, 31 March 2017 14:59 UTC

Thanks Mike

I agree with all the next steps, we need some articles to help combat the
FUD that is being spread.
Is there any action on who will write those articles?

Dave

On 29 March 2017 at 21:08, Mike Jones <Michael.Jones@microsoft.com> wrote:

> Yaron Sheffer had asked me to give an update on JOSE/JWT security to the
> SecEvent working group.  As promised during our working group meeting
> Monday, that presentation is attached.  At the microphone, Kathleen
> suggested that we may want to collect information about best practices for
> implementers and deployers and write a BCP containing them.  She said that
> JWT is being used in many places in the IETF at this point.
>
>
>
>                                                        -- Mike


-- 
Dave Tonge