Re: [OAUTH-WG] Call for Adoption: Mutual TLS Profiles for OAuth Clients

Dave Tonge <> Fri, 21 April 2017 09:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 620F7129426 for <>; Fri, 21 Apr 2017 02:32:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.688
X-Spam-Status: No, score=-2.688 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NKztIKbqoJja for <>; Fri, 21 Apr 2017 02:32:02 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DA40A129A8D for <>; Fri, 21 Apr 2017 02:32:01 -0700 (PDT)
Received: by with SMTP id r16so106764925ioi.2 for <>; Fri, 21 Apr 2017 02:32:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=6XsbT481k3Tl5pkgzwkbkacj6B+FdzOPf0Qi4iqhdrk=; b=NgCFLBRTJMFqjNWJ9Qg8JupvdUI0JI9fvSYUVYS4Mgq4+AAJbkVAgHJrxHOctdRXPW FCzgmpJ6DjyaxEWLFMNlAZYprGUn5b2S7Tbs3AZweXs6nr2GoZknPwUNGIbuuLmaEZ4M zRnBBN6v5dhcCgYWLXzsUBVUpt3MrcqtoqDbE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=6XsbT481k3Tl5pkgzwkbkacj6B+FdzOPf0Qi4iqhdrk=; b=a7iJNIZKXlJW98QWFN8zpAq5sVupj2N4GkkzdYcNASv6g6wmfGdCW1P1Y5PHJw3fb9 pcikf0syYtpoC50UTSVODKDyFsfbPfSekOwCrBbyFIeK3P+45Ox72VneW3mElWc6/r1k pTaM4T9mQcSwlYf8Vro6+po8xa5UyrLjoK3KvorawU7JTfZ6DG720hW5BX1waOlxIRRb WTLxpHw/vTo7CKh/zNa/LcejrQy+VTetKPwzSWalPcoHd3hZn62/tpoGbopWg79f3aks 0o80Glsp/vtuz2F6XcBqf6smSPwt2kPqDct0Pztxjsbro2vGh0Eivtpes7qN43ax4Co9 /Yiw==
X-Gm-Message-State: AN3rC/5c13x0ygJsmb9Lriuhv60DyY8A+Ei+HVdX3KISIgy4tXZByOHA c+yHl6WsLBMJzzxT+E+1eIIaLza3xypJ
X-Received: by with SMTP id e5mr9510837ith.0.1492767120102; Fri, 21 Apr 2017 02:32:00 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Fri, 21 Apr 2017 02:31:39 -0700 (PDT)
In-Reply-To: <>
References: <>
From: Dave Tonge <>
Date: Fri, 21 Apr 2017 10:31:39 +0100
Message-ID: <>
To: Hannes Tschofenig <>
Cc: "" <>
Content-Type: multipart/alternative; boundary="94eb2c11c82eed5ed4054da9edb9"
Archived-At: <>
Subject: Re: [OAUTH-WG] Call for Adoption: Mutual TLS Profiles for OAuth Clients
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 21 Apr 2017 09:32:04 -0000

I support adoption of draft-campbell-oauth-mtls

As previously mentioned this spec will be very useful for Europe where
there is legislation requiring the use of certificate-based authentication
and many financial groups and institutions are considering OAuth2.

The UK Open Banking Implementation Entity has a strong interest in using
this spec.


On 20 April 2017 at 17:32, Hannes Tschofenig <>

> Hi all,
> based on the strong support for this document at the Chicago IETF
> meeting we are issuing a call for adoption of the "Mutual TLS Profiles
> for OAuth Clients" document, see
> Please let us know by May 4th whether you accept / object to the
> adoption of this document as a starting point for work in the OAuth
> working group.
> Ciao
> Hannes & Rifaat
> _______________________________________________
> OAuth mailing list

Dave Tonge
[image: Moneyhub Enterprise]
10 Temple Back, Bristol, BS1 6FL
t: +44 (0)117 280 5120

Moneyhub Enterprise is a trading style of Momentum Financial Technology
Limited which is authorised and regulated by the Financial Conduct
Authority ("FCA"). Momentum Financial Technology is entered on the
Financial Services Register (FRN 561538) at Momentum
Financial Technology is registered in England & Wales, company registration
number 06909772 © . Momentum Financial Technology Limited 2016. DISCLAIMER:
This email (including any attachments) is subject to copyright, and the
information in it is confidential. Use of this email or of any information
in it other than by the addressee is unauthorised and unlawful. Whilst
reasonable efforts are made to ensure that any attachments are virus-free,
it is the recipient's sole responsibility to scan all attachments for
viruses. All calls and emails to and from this company may be monitored and
recorded for legitimate purposes relating to this company's business. Any
opinions expressed in this email (or in any attachments) are those of the
author and do not necessarily represent the opinions of Momentum Financial
Technology Limited or of any other group company.