Re: [OAUTH-WG] Call for adoption: OAuth Security Topics

John Bradley <ve7jtb@ve7jtb.com> Thu, 02 February 2017 21:33 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 232431299F6 for <oauth@ietfa.amsl.com>; Thu, 2 Feb 2017 13:33:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ve7jtb-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bbwWzWSx5BtI for <oauth@ietfa.amsl.com>; Thu, 2 Feb 2017 13:33:43 -0800 (PST)
Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com [IPv6:2607:f8b0:400d:c0d::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A7481299EE for <oauth@ietf.org>; Thu, 2 Feb 2017 13:33:43 -0800 (PST)
Received: by mail-qt0-x22e.google.com with SMTP id x49so1314959qtc.2 for <oauth@ietf.org>; Thu, 02 Feb 2017 13:33:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ve7jtb-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=xsAmrIk8xs+UCYldqUqVsyraDqg4tAhVonI7FQbun+M=; b=FG9/dBRFrvto5zNRZTbncxylZuVZATg8BrDQ6Ek7RBCb0NIcwt5TbVsicZ5BSg0AbC ttDqR13RPZUNnyiFUpzz4md9zhcHhzXlG+FAftAvEUlwM+I+d87ygabBKDd+AA/fhTcR NNJekvL0hpZDtBDeJadWQggAT6jcWdfa7g59NSmzj+ei159yiB0RB2gr0nwBFGsB44Hm KRYIeJeAIO2XuhYJMy43uYb2joedZ/v33ZLBNgeN1fpTxu4gsq0L876FkPAhBtrsy/dR C51qjFVt5kIgnH4fkmxe8njqVyaHLcry1Cfal8EYPVh1z7IWDzUuGWowvbYuj6vFPUiE HBig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=xsAmrIk8xs+UCYldqUqVsyraDqg4tAhVonI7FQbun+M=; b=EzptT0KBN8ZPkn2JBmdXBu6I0aIzYflqlGD2Co+MGc8B3p6pnv1kfq2Z8B5XpfXSVr sUFmvVN08UzAvUJbYjwEwPv/ap2wBZ6k9g43LsmsZY0jjGybto3TKxG3BZ9j0KWz9kTF xXu0iw0CmjOZ9o7DiP2Zp40J4oEdPhIXArkVU7F5DwFpNM0n87Z+ybjeUaHVXulLuK/X rneRKQuFU5mRiVoAIHj8XRlJZL/rdgTmiSBL4FiqE16kHdebyu7PU/vTf4i6WAmUJ1Wm msmQ6rQLqM0N2PmOsEKTxaBXbzSeL6CXOeQ10O9tVB5I9xfgGYgez/NA7CD6ISlvEPrb 32KQ==
X-Gm-Message-State: AMke39n5nK4l/WD300H1fh0j0hqTNnOuCVFPiR7bONv221IX4U/b+WIMdtW6g2wN3OV5Afh5
X-Received: by 10.55.110.6 with SMTP id j6mr11039614qkc.92.1486071222363; Thu, 02 Feb 2017 13:33:42 -0800 (PST)
Received: from [192.168.86.137] ([191.115.101.85]) by smtp.gmail.com with ESMTPSA id m30sm22635373qtg.10.2017.02.02.13.33.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Feb 2017 13:33:41 -0800 (PST)
From: John Bradley <ve7jtb@ve7jtb.com>
Message-Id: <541A5105-B963-4FA4-94E4-D794A73B3358@ve7jtb.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_01BC8EE5-4946-40DB-9F76-C3E9CFA08C6A"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Date: Thu, 2 Feb 2017 18:33:38 -0300
In-Reply-To: <ae7d8912-2a13-4d19-62b4-0b1d1106a555@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <ae7d8912-2a13-4d19-62b4-0b1d1106a555@gmx.net>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/mpp8fAVKM7OM3dxRsCuYS8snIbE>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for adoption: OAuth Security Topics
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2017 21:33:45 -0000

I am in favour of adoption.
> On Feb 2, 2017, at 4:09 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net>; wrote:
> 
> Hi all,
> 
> this is the call for adoption of the 'OAuth Security Topics' document
> following the positive call for adoption at the last IETF
> meeting in Seoul.
> 
> Here is the document:
> https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00
> 
> The intention with this document is to have a place to collect
> discussions and conclusions around OAuth 2.0 security and to reference
> the actual solution specifications.
> 
> Please let us know by Feb 16th whether you accept / object to the
> adoption of this document as a starting point for work in the OAuth
> working group.
> 
> Ciao
> Hannes & Derek
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth