Re: [OAUTH-WG] New Version Notification for draft-hunt-oauth-pop-architecture-00.txt

Bill Mills <wmills@yahoo-inc.com> Thu, 03 April 2014 16:07 UTC

Date: Thu, 03 Apr 2014 09:06:24 -0700
From: Bill Mills <wmills@yahoo-inc.com>
To: Phil Hunt <phil.hunt@yahoo.com>, Prateek Mishra <prateek.mishra@oracle.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Justin Richer <jricher@mitre.org>, OAuth WG <oauth@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/tsK-_pRofn5JGHwuD4Jp32wr-2E

I really *like* the name "proof of possession", but I think the acronym PoP is going to be confused with POP.  HOTK has the advantage of not being a homonym for anything else.  What about "Possession Proof"?

 
-bill



--------------------------------
William J. Mills
"Paranoid" MUX Yahoo!


On Thursday, April 3, 2014 1:38 AM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:
 

A new version of I-D, draft-hunt-oauth-pop-architecture-00.txt
has been successfully submitted by Hannes Tschofenig and posted to the
IETF repository.

Name:           draft-hunt-oauth-pop-architecture
Revision:       00
Title:          OAuth 2.0 Proof-of-Possession (PoP) Security Architecture
Document date:  2014-04-03
Group:          Individual Submission
Pages:          21
URL:            http://www.ietf.org/internet-drafts/draft-hunt-oauth-pop-architecture-00.txt
Status:         https://datatracker.ietf.org/doc/draft-hunt-oauth-pop-architecture/
Htmlized:       http://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-00


Abstract:
   The OAuth 2.0 bearer token specification, as defined in RFC 6750,
   allows any party in possession of a bearer token (a "bearer") to get
   access to the associated resources (without demonstrating possession
   of a cryptographic key).  To prevent misuse, bearer tokens must be
   protected from disclosure in transit and at rest.

   Some scenarios demand additional security protection whereby a client
   needs to demonstrate possession of cryptographic keying material when
   accessing a protected resource.  This document motivates the
   development of the OAuth 2.0 proof-of-possession security mechanism.

                                                                                  


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat