Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt

Travis Spencer <travis.spencer@curity.io> Fri, 01 November 2019 17:02 UTC

Return-Path: <travis.spencer@curity.io>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2148E1208BB for <oauth@ietfa.amsl.com>; Fri, 1 Nov 2019 10:02:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=curity-io.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mLG5aORfgL_d for <oauth@ietfa.amsl.com>; Fri, 1 Nov 2019 10:02:11 -0700 (PDT)
Received: from mail-yb1-xb2b.google.com (mail-yb1-xb2b.google.com [IPv6:2607:f8b0:4864:20::b2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F30A120019 for <oauth@ietf.org>; Fri, 1 Nov 2019 10:02:11 -0700 (PDT)
Received: by mail-yb1-xb2b.google.com with SMTP id h202so4120517ybg.13 for <oauth@ietf.org>; Fri, 01 Nov 2019 10:02:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=curity-io.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ecpCWkytMesrEQXclX2KAHoxraZ8AmXiTTR7GYhgkwY=; b=cIEMZu3y9AJ/Q5DF0j1phnrmRaz34nNnw1AccWgtlsMcd6Fu2q9QzgeU5RoPzcWJzU z84kdcSAAQ2KpQfln3taVS1U7fZlMOezKf/D7GxQYs5AHgMc1B+yn9js3w3Z8XInAeu+ 1oEkdNHU59LebKqwTuUGneUn6kgvpXbolIHou6HgM85545pzgfgu1Z1LRkmygzc7WnUp QMc6oyU9GDdmoGe6pWorQdDBz5rOoTgKeEilMctgV541SfZv+5/bUfd/dnQzN/APmCuV MhYj7VJPi2rIn7GSXJWsL4mMZxxa/fZpHMqQIbmzRHmtuEV6PcJyc8MLvtWQzj7c3SAE 9Awg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ecpCWkytMesrEQXclX2KAHoxraZ8AmXiTTR7GYhgkwY=; b=IfSvAZDG0kvU5zJ6caeE8w7CV985IExLwkDC8sMx3zbIgvznPS89mxHTGf99F8fsqv w0tQHBISMNAyj7vVpUbE1mXMaDifTSCztGKNbvvgyUzEFKQjyLQwI99r6lNcxUkPMpVV z3XH+qB1Xb7xcDtXUjGb8YFQixd+qiVfskpZ+k7BRSeT4j+QclAbIfQ7ATMnfOQWMAv4 ehSk6c7cxHxgWUQJV+XXZas8QMBJ0gWFxL2cUj9iqwqG6qBvU0o0x6aLR1LGpruBnHF/ 031hPK+uIcaI86F1iVEJR8Z4sbFPrGiS7izcpK9xPwtGxMz32WN2nlLPOBpR9cUxhr2q E4+A==
X-Gm-Message-State: APjAAAVgfN9JfGjxMSKt29b+mclA5EgVJpB3bR1OlBpLUAjFJeGpSZ4t vYKGyDOqvcl6vhDJTI037cNl/PUFLQ/oitudf7afxg==
X-Google-Smtp-Source: APXvYqywEAe3nJvKzK/pt6YP96auPCbJGuA0ukz+4If2qrcUdTYYjSDbejh3ghvgUPKlZCr+5rv7wSdOCyNgWFRhUK4=
X-Received: by 2002:a25:e70a:: with SMTP id e10mr10233917ybh.105.1572627730484; Fri, 01 Nov 2019 10:02:10 -0700 (PDT)
MIME-Version: 1.0
References: <85D42AA1-FF57-4383-BACB-57C5AA32CFAC@lodderstedt.net> <CAEKOcs2gkM3Henz5nS04_EuBQXWWbJU5K02ErP0rnVZXmjxXJQ@mail.gmail.com> <20191021020546.GZ43312@kduck.mit.edu> <CA+k3eCS7pf3wXBkpbXE0AXKUGogo0YcHd8oWfiBfkPB5axGQQw@mail.gmail.com>
In-Reply-To: <CA+k3eCS7pf3wXBkpbXE0AXKUGogo0YcHd8oWfiBfkPB5axGQQw@mail.gmail.com>
From: Travis Spencer <travis.spencer@curity.io>
Date: Fri, 1 Nov 2019 18:01:59 +0100
Message-ID: <CAEKOcs2po08AUUcqgMmuQOmsRPbDpLYsAFTK_br0x+QEb_0rgA@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, oauth <oauth@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/oa33KZdTxp7h6BX2yfUzp4UMQpM>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 17:02:13 -0000

On Wed, Oct 23, 2019 at 2:11 PM Brian Campbell
<bcampbell@pingidentity.com>; wrote:
> I agree with Ben here that it's not at all clear that the OAuth MTLS document should have defined a protocol from proxy to backend.

Shouldn't it at least normalitvely reference some other spec then? If
that reference is not defined before this draft is finalized, one
could say they comply with the final mTLS spec but in a
non-interoperable way.