Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dpop-06.txt

Mike Jones <Michael.Jones@microsoft.com> Thu, 03 March 2022 18:56 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Date: Thu, 03 Mar 2022 18:55:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/wH0np9yKSGnBnLpaiJsR0Dx2fHk>

FYI, I posted about this revision at https://self-issued.info/?p=2258 and https://twitter.com/selfissued/status/1499457532200308755.

                                                       -- Mike

From: OAuth <oauth-bounces@ietf.org> On Behalf Of Brian Campbell
Sent: Tuesday, March 1, 2022 1:14 PM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dpop-06.txt

This -06 revision has a relatively small set of mostly editorial changes and a (hopefully) better name for the client metadata that was introduced in -05.


On Tue, Mar 1, 2022 at 1:38 PM <internet-drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)
        Authors         : Daniel Fett
                          Brian Campbell
                          John Bradley
                          Torsten Lodderstedt
                          Michael Jones
                          David Waite
        Filename        : draft-ietf-oauth-dpop-06.txt
        Pages           : 42
        Date            : 2022-03-01

Abstract:
   This document describes a mechanism for sender-constraining OAuth 2.0
   tokens via a proof-of-possession mechanism on the application level.
   This mechanism allows for the detection of replay attacks with access
   and refresh tokens.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-06.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dpop-06


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

