Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Security: OAuth Open Redirector

Nat Sakimura <sakimura@gmail.com> Thu, 21 January 2016 14:28 UTC

Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15EB71A886C for <oauth@ietfa.amsl.com>; Thu, 21 Jan 2016 06:28:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZKog2yxalZW3 for <oauth@ietfa.amsl.com>; Thu, 21 Jan 2016 06:28:46 -0800 (PST)
Received: from mail-qk0-x22f.google.com (mail-qk0-x22f.google.com [IPv6:2607:f8b0:400d:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD5731A87D9 for <oauth@ietf.org>; Thu, 21 Jan 2016 06:28:45 -0800 (PST)
Received: by mail-qk0-x22f.google.com with SMTP id x1so16341308qkc.1 for <oauth@ietf.org>; Thu, 21 Jan 2016 06:28:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-type; bh=KI4+XCP3IDOJ2gJ4YZOYzTOtr9EX53yRMu4cxXPCQGg=; b=r/URMFdF3F6F/LB44CJBh3n2KrNPAFC0aV4KU9QxdMqwtsUewBS0kbVVz32bm/8ZPW A/7ICAtTmyzB0ohFrQRGlCPTgidG9MZRJAWgsxs7VKBNknaV1l3oynjPaTjfwn0Fn09I RFayvKRcgxnC9k4zh2XKHbHAJSm8Zn2RFLmjMhJkfpAWw2y4enPGhWl0tn3ZXs4Ucdf2 wpz8ifUeaICpcqreHQFG4xdpq8Z2iyDb2PGK8mroIdoCV0eDjrw4Rh+U4tB54dq2LIqZ 3rh9EDbyude0URRMeluO2Iq7pM+AdFChF3UPSNEnW6FZzjDyDWS9GMAM57/s+xbzY8hB Yq4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-type; bh=KI4+XCP3IDOJ2gJ4YZOYzTOtr9EX53yRMu4cxXPCQGg=; b=Gw8sOCq9nLz9HOBLK6v6bREtzaEE7hMsnJOhT1pqvpMWB1Qxf7ivIOCLQKXu90iz8K ki7H2IJpy92/lY1TbR4qJCPxk2ZnklJm93Vf+I9w2tL3KpF7ix/gKhR57Mx1kecxv9J4 tBPigmW2xXbMkCFU4RkEOz3DGC0d1GAc8J/+TaEj0rgkDKpFVpR4fDv+8E0p6lXDWbxC PVwpqj4LJ9ii3ouM29EmmqZoO8VLKIE+PwFiEjbmC0yKoYjrV9LFMJo4G7+TGRLINkID X8W7QgKhIN29BmPFvAgoyEkFkmaxmelQuH8eR1cXCxpPoUZgy29276lZe+JIrXLyyQJe 8EnA==
X-Gm-Message-State: ALoCoQksG3UFFuRofm2A53SVFaaBOMRphFkdPzsYNwcYBqqZ+ws5mGR5YKPZFPrVF7rRLz32dnaiiwW7Fd5st0SRDzZ+cCF6CA==
X-Received: by 10.55.78.207 with SMTP id c198mr51687730qkb.34.1453386525109; Thu, 21 Jan 2016 06:28:45 -0800 (PST)
MIME-Version: 1.0
References: <569E2260.4080904@gmx.net> <CAAP42hCmVB0QzAqFaFa68j1FbjSgZ-xSWw+CHT+fa_EsL2W22w@mail.gmail.com> <B1D935B9-0716-4F68-8C6A-9538CEF021F3@ve7jtb.com>
In-Reply-To: <B1D935B9-0716-4F68-8C6A-9538CEF021F3@ve7jtb.com>
From: Nat Sakimura <sakimura@gmail.com>
Date: Thu, 21 Jan 2016 14:28:35 +0000
Message-ID: <CABzCy2AZ3ZNhgNxD8pZysvd6zHVhSte7m2+=HjPRxsO4WQW5dA@mail.gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>, William Denniss <wdenniss@google.com>
Content-Type: multipart/alternative; boundary=001a114a7c9c8cf62a0529d8ebd9
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/wDRfGKMPGkuhxDn-NPIDNsV-XNo>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Security: OAuth Open Redirector
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2016 14:28:48 -0000

+1 apart from the title... It sounds like the spec is implementing OAuth
Open Redirector...
Something like "preventing OAuth open redirector" or so might be more
descriptive.

Nat

2016年1月21日(木) 23:08 John Bradley <ve7jtb@ve7jtb.com>om>:

> +1 for adoption
>
> On Jan 21, 2016, at 3:18 AM, William Denniss <wdenniss@google.com> wrote:
>
> +1 for adoption.
>
> On Tue, Jan 19, 2016 at 7:47 PM, Hannes Tschofenig <
> hannes.tschofenig@gmx.net> wrote:
>
>> Hi all,
>>
>> this is the call for adoption of OAuth 2.0 Security: OAuth Open
>> Redirector, see
>> https://tools.ietf.org/html/draft-bradley-oauth-open-redirector-02
>>
>> Please let us know by Feb 2nd whether you accept / object to the
>> adoption of this document as a starting point for work in the OAuth
>> working group.
>>
>> Note: At the IETF Yokohama we asked for generic feedback about doing
>> security work in the OAuth working group and there was very positive
>> feedback. However, for the adoption call we need to ask for individual
>> documents. Hence, you need to state your view again.
>>
>> Ciao
>> Hannes & Derek
>>
>>
>>
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>