Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-security-topics-21.txt

Rommel Formentera <yyenoh_01@yahoo.com> Tue, 27 September 2022 20:20 UTC

Date: Tue, 27 Sep 2022 20:20:41 +0000
From: Rommel Formentera <yyenoh_01@yahoo.com>
To: oauth@ietf.org, i-d-announce@ietf.org
Cc: oauth@ietf.org
Message-ID: <1244848115.1142863.1664310041397@mail.yahoo.com>
In-Reply-To: <166427848490.9727.6381741723783453469@ietfa.amsl.com>
References: <166427848490.9727.6381741723783453469@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/qC6sx03kuIlEJdv3xb6g-lPaM6k>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-security-topics-21.txt

Thank you.


Rommel H Formentera 

On Tuesday, September 27, 2022, 4:35 AM, internet-drafts@ietf.org <internet-drafts@ietf.org> wrote:


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title    : OAuth 2.0 Security Best Current Practice
        Authors  : Torsten Lodderstedt
                   John Bradley
                   Andrey Labunets
                   Daniel Fett
        Filename : draft-ietf-oauth-security-topics-21.txt
        Pages    : 56
        Date     : 2022-09-27

Abstract:
  This document describes best current security practice for OAuth 2.0.
  It updates and extends the OAuth 2.0 Security Threat Model to
  incorporate practical experiences gathered since OAuth 2.0 was
  published and covers new threats relevant due to the broader
  application of OAuth 2.0.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-security-topics-21.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-security-topics-21


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

