[OAUTH-WG] Feedback Re: I-D Action: draft-ietf-oauth-spop-06.txt

Bill Mills <wmills_92105@yahoo.com> Tue, 27 January 2015 20:30 UTC

Date: Tue, 27 Jan 2015 20:30:01 +0000 (UTC)
From: Bill Mills <wmills_92105@yahoo.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Message-ID: <2113997045.1403215.1422390601736.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <20150122022235.19741.40036.idtracker@ietfa.amsl.com>
References: <20150122022235.19741.40036.idtracker@ietfa.amsl.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/wMwKsxIR2Ev37CcgIqa7boW6fIg>

7.2 --  "If the server does not support PKCE, it does not generate error." should read "If the server does not support PKCE it does not generate an error."
Otherwise ready to go in my opinion.

On Wednesday, January 21, 2015 6:23 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : Proof Key for Code Exchange by OAuth Public Clients
        Authors         : Nat Sakimura
                          John Bradley
                          Naveen Agarwal
        Filename        : draft-ietf-oauth-spop-06.txt
        Pages           : 16
        Date            : 2015-01-21

Abstract:
  OAuth 2.0 public clients utilizing the Authorization Code Grant are
  susceptible to the authorization code interception attack.  This
  specification describes the attack as well as a technique to mitigate
  against the threat.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-spop/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-spop-06

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-spop-06


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
