Re: [OAUTH-WG] DPoP followup II: confirmation style

Brian Campbell <bcampbell@pingidentity.com> Fri, 04 December 2020 21:38 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EA813A0E11 for <oauth@ietfa.amsl.com>; Fri, 4 Dec 2020 13:38:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rXMfcDR4b3GU for <oauth@ietfa.amsl.com>; Fri, 4 Dec 2020 13:38:29 -0800 (PST)
Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D38423A0DDC for <oauth@ietf.org>; Fri, 4 Dec 2020 13:38:28 -0800 (PST)
Received: by mail-lf1-x134.google.com with SMTP id r24so9640770lfm.8 for <oauth@ietf.org>; Fri, 04 Dec 2020 13:38:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BOmSSUSa8qtxdm7FXvJmI1ZnxSB07b/KkigBB+1jqKw=; b=Mhff1Sy7Mp6KQyKKHnktQvAdL+MUL0x4i2eaL7DabAe4oGC74a0F/jH0A1/4RHfbIM cOjSvJmd8/jnzEly67k2OXxomKlSXqogP6fdHFZRO6GSIqVjaVwJDW1wYYWyiL0Ll4U4 hupssS8xOoKMFprEMQZaQmOyfPacEtYeJgROn5YRUW2Lpcj9/yQwtzRfxrVwY9cSwFR2 qnmfQfxBC1yXH592SBLmN34KuY3Salhs635vgz2te17i0pxB16OJifF+Q/XvrAi0K6sV jYKPfS669hQv91sLSdKktYBu1OYfJZ2kB9wc8u3DC++WSDKjrssbR1DrcCOUg0f1Qf1l bDjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BOmSSUSa8qtxdm7FXvJmI1ZnxSB07b/KkigBB+1jqKw=; b=e/D10r3FNbv8lDK8DiceCJ7P+1pDoEHctnYKSfNGv6DScFJR7Be3+pQT2wMAxNI6kh lvwv/t/2WaD5WhtQL/mMp+O7BapqtIjc+UQtJPw37fvRDQmMwQj4dmqPrH6vNF2EW2aZ 3hwjrB7uNDWUCBoV/fhBnA3rMXnsKgnPs5gDgTk2JGj5wkaHZfRwyV0RnLaU6LVmhM2y izUxaiCyGz3Y8Zg9pyMR3GEUycGIH45L/ecV+5a7uJXS63b9+jlgmQqS6qZ/RmbpEC7J YSADakwG+8ihGYxZg1fakoKE5RkSJNumrszzRd+LwM5wlEpB3j64fFHUUXDbMEhPyNdI XLJQ==
X-Gm-Message-State: AOAM5325C0fJ9EK1U9t/J5ynmY364FJx/R1ug9WaTJrWXvAK0qEAdvFO CEpcdppS7FComVM7zdwcgDNHHeudafaJbsNuDq1vlRAT4ipPMEEQWpxYDSbNaV6aBu+EgUXX/vL K8oag05z2oEw1EA==
X-Google-Smtp-Source: ABdhPJwDgsJ/fyXHoeUZ2Ijq8GNFq5l3Xmomn4pW+kVzVZ4BRRuPKPh8Wg2GngF6jwdEwFGwY84U0KqhEAoaKhs4iK8=
X-Received: by 2002:a19:5215:: with SMTP id m21mr4102187lfb.407.1607117905759; Fri, 04 Dec 2020 13:38:25 -0800 (PST)
MIME-Version: 1.0
References: <CA+k3eCTtE_S5J77R-XkYdWqe0rn_55jT5b=w9MiT+LXJ7OAvUQ@mail.gmail.com> <TY1PR01MB1466B046019192708FF52C46E5F10@TY1PR01MB1466.jpnprd01.prod.outlook.com>
In-Reply-To: <TY1PR01MB1466B046019192708FF52C46E5F10@TY1PR01MB1466.jpnprd01.prod.outlook.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 04 Dec 2020 14:37:59 -0700
Message-ID: <CA+k3eCT4x3Vv9i-XAbF5EDVcex+A_tu99PsZXoz0KVSaor8Kxw@mail.gmail.com>
To: toshio9.ito@toshiba.co.jp
Cc: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e2abbf05b5aa4b45"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/yReQeI8Kp-35ichf7TG1NbYlnnw>
Subject: Re: [OAUTH-WG] DPoP followup II: confirmation style
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2020 21:38:30 -0000

On Thu, Dec 3, 2020 at 5:55 PM <toshio9.ito@toshiba.co.jp> wrote:

> I think this topic is related to the question of "followup I: freshness and
>
> coverage of signature". The option 2 for the followup I will also break
> AS/RS
>
> symmetry. If we choose the option 2 for followup I, I think we might as
> well
>
> choose the option 2 for followup II, too.
>

 I've had similar thoughts, for whatever it's worth.

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._