Re: [OAUTH-WG] [Technical Errata Reported] RFC7662 (7607)

Justin Richer <jricher@mit.edu> Fri, 18 August 2023 12:54 UTC

From: Justin Richer <jricher@mit.edu>
To: RFC Errata System <rfc-editor@rfc-editor.org>, "ietf@justin.richer.org" <ietf@justin.richer.org>, "rdd@cert.org" <rdd@cert.org>, "paul.wouters@aiven.io" <paul.wouters@aiven.io>, "hannes.tschofenig@arm.com" <hannes.tschofenig@arm.com>, "rifaat.s.ietf@gmail.com" <rifaat.s.ietf@gmail.com>
CC: "sunfulong@neusoft.edu.cn" <sunfulong@neusoft.edu.cn>, "oauth@ietf.org" <oauth@ietf.org>
Date: Fri, 18 Aug 2023 12:54:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/wsJTtFQGGZ75L62_sb2ZLiEz7QQ>

The resource owner can revoke the token out of band; this erratum should be rejected.

- Justin
________________________________
From: OAuth <oauth-bounces@ietf.org> on behalf of RFC Errata System <rfc-editor@rfc-editor.org>
Sent: Thursday, August 17, 2023 2:42 PM
To: ietf@justin.richer.org <ietf@justin.richer.org>; rdd@cert.org <rdd@cert.org>; paul.wouters@aiven.io <paul.wouters@aiven.io>; hannes.tschofenig@arm.com <hannes.tschofenig@arm.com>; rifaat.s.ietf@gmail.com <rifaat.s.ietf@gmail.com>
Cc: sunfulong@neusoft.edu.cn <sunfulong@neusoft.edu.cn>; oauth@ietf.org <oauth@ietf.org>; rfc-editor@rfc-editor.org <rfc-editor@rfc-editor.org>
Subject: [OAUTH-WG] [Technical Errata Reported] RFC7662 (7607)

The following errata report has been submitted for RFC7662,
"OAuth 2.0 Token Introspection".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7607

--------------------------------------
Type: Technical
Reported by: Fulong Sun <sunfulong@neusoft.edu.cn>

Section: 2.2

Original Text
-------------
a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity

Corrected Text
--------------
a given token has been issued by this authorization server, has not been revoked by the resource owner or client, and is within its given time window of validity

Notes
-----
RFC 7009 defined that a given token can be revoked by the client, so the client should be written here.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC7662 (draft-ietf-oauth-introspection-11)
--------------------------------------
Title               : OAuth 2.0 Token Introspection
Publication Date    : October 2015
Author(s)           : J. Richer, Ed.
Category            : PROPOSED STANDARD
Source              : Web Authorization Protocol
Area                : Security
Stream              : IETF
Verifying Party     : IESG
