Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-06.txt
Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 27 March 2019 16:13 UTC
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "Manger, James" <James.H.Manger@team.telstra.com>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-06.txt
Thread-Index: AQHU2A+bcK5wMmkUTUiF+/Hyb6gv0aYHefmAgBg7hMA=
Date: Wed, 27 Mar 2019 16:13:30 +0000
Message-ID: <VI1PR0801MB2112C7F726723178810EDE81FA580@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <155231144978.23050.17841259546883608773@ietfa.amsl.com> <ME1PR01MB07716EBFB28834C960962F96E5490@ME1PR01MB0771.ausprd01.prod.outlook.com>
In-Reply-To: <ME1PR01MB07716EBFB28834C960962F96E5490@ME1PR01MB0771.ausprd01.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/6S4ZH8e0sp-DaokvkByM-xphXlQ>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-06.txt
Thanks for the review comments, James. I have just worked on a draft update and incorporated your suggestions. I will submit draft -07 in time for the OAuth WG session tomorrow.

Ciao
Hannes

-----Original Message-----
From: OAuth <oauth-bounces@ietf.org> On Behalf Of Manger, James
Sent: Tuesday, 12 March 2019 06:33
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-06.txt

Syntax glitches in draft-ietf-oauth-pop-key-distribution-06:

1. "exp" and "nbf" values should be numbers, not strings, so must not have quotes [Section 4.2.2. "Client-to-AS Response"]

2. h'11' and b64'...' appear in the JSON examples, but should be "..." strings [Section 4.2.2. "Client-to-AS Response", members "kid", "x", "y"]

3. "iss" should be an https URI, such as "https://server.example.com", not "xas.example.com" [Section 4.2.2. "Client-to-AS Response"]. "aud" should probably be https://... as well, not http://....

--
James Manger

-----Original Message-----
From: OAuth <oauth-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Tuesday, 12 March 2019 12:37 AM
To: i-d-announce@ietf.org
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-06.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution
        Authors         : John Bradley
                          Phil Hunt
                          Michael B. Jones
                          Hannes Tschofenig
                          Mihaly Meszaros
        Filename        : draft-ietf-oauth-pop-key-distribution-06.txt
        Pages           : 17
        Date            : 2019-03-11

Abstract:
   RFC 6750 specified the bearer token concept for securing access to
   protected resources. Bearer tokens need to be protected in transit
   as well as at rest. When a client requests access to a protected
   resource it hands over the bearer token to the resource server.

   The OAuth 2.0 Proof-of-Possession security concept extends bearer
   token security and requires the client to demonstrate possession of
   a key when accessing a protected resource.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-key-distribution/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-06
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-pop-key-distribution-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-pop-key-distribution-06

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
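The three syntax points James raises are all things a client can check mechanically before it trusts a key-distribution response: NumericDate claims must be JSON numbers, JWK members must be JSON strings (CBOR diagnostic notation such as h'11' is not JSON at all), and "iss" must be an https URI. The following is an added example, written for this thread rather than taken from the draft or from any of the authors' code, of a small Python validator that applies those checks to three constructed responses: one carrying the h'11'/b64'...' notation, one with quoted numbers and non-https issuer and audience, and one corrected. The field layout (a top-level "cnf" member holding a "jwk") and all token, audience and coordinate values are assumptions made for the example; the x/y values are correctly base64url-encoded 32-byte strings but are not a real P-256 point. It goes one step beyond the review by also checking that the P-256 coordinates decode to 32 bytes, as RFC 7518 requires.

```python
import base64
import json
from urllib.parse import urlparse


def _b64url(raw: bytes) -> str:
    """base64url without padding, as JWK requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url; re-adds padding so the stdlib decoder accepts it."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Constructed coordinates: 32 arbitrary bytes each, correctly encoded but
# NOT a real point on P-256. Only the encoding is under test here.
X_COORD = _b64url(bytes(range(32)))
Y_COORD = _b64url(bytes(range(32, 64)))

# Sample 1 (constructed): glitch 2 -- CBOR diagnostic notation is not JSON.
NOT_JSON = """{"cnf": {"jwk": {"kty": "EC", "crv": "P-256",
                 "kid": h'11', "x": b64'...', "y": b64'...'}}}"""

# Sample 2 (constructed): glitches 1 and 3 -- quoted NumericDates, bare-host
# "iss", http "aud". The JWK members are already proper strings here.
QUOTED_CLAIMS = f"""{{
  "access_token": "constructed.token.value",
  "token_type": "pop",
  "exp": "1553700000",
  "nbf": "1553696400",
  "iss": "xas.example.com",
  "aud": "http://rs.example.com",
  "cnf": {{"jwk": {{"kty": "EC", "crv": "P-256", "kid": "11",
                  "x": "{X_COORD}", "y": "{Y_COORD}"}}}}
}}"""

# Sample 3 (constructed): the same response with all three points fixed.
FIXED = f"""{{
  "access_token": "constructed.token.value",
  "token_type": "pop",
  "exp": 1553700000,
  "nbf": 1553696400,
  "iss": "https://server.example.com",
  "aud": "https://rs.example.com",
  "cnf": {{"jwk": {{"kty": "EC", "crv": "P-256", "kid": "11",
                  "x": "{X_COORD}", "y": "{Y_COORD}"}}}}
}}"""


def parse_response(text: str):
    """Return (obj, None) for valid JSON, or (None, error message) otherwise."""
    try:
        return json.loads(text), None
    except json.JSONDecodeError as exc:
        return None, f"not valid JSON at position {exc.pos}: {exc.msg}"


def validate_response(obj: dict) -> list:
    """Return a list of problems; an empty list means the response passes."""
    problems = []
    # Glitch 1: NumericDate claims are JSON numbers (bool is an int in Python,
    # so exclude it explicitly).
    for claim in ("exp", "nbf", "iat"):
        if claim in obj:
            value = obj[claim]
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                problems.append(
                    f'"{claim}" must be a JSON number, not {type(value).__name__}')
    # Glitch 3: "iss" must be an https URI with a host; "aud" should be too.
    for claim, wording in (("iss", "must"), ("aud", "should")):
        if claim in obj:
            parsed = urlparse(str(obj[claim]))
            if parsed.scheme != "https" or not parsed.netloc:
                problems.append(
                    f'"{claim}" {wording} be an https URI, got {obj[claim]!r}')
    # Glitch 2: JWK members are JSON strings. For P-256 the "x" and "y"
    # strings must additionally be base64url of exactly 32 bytes (RFC 7518).
    jwk = obj.get("cnf", {}).get("jwk", {})
    for member in ("kid", "x", "y"):
        if member in jwk and not isinstance(jwk[member], str):
            problems.append(f'JWK "{member}" must be a JSON string')
    if jwk.get("crv") == "P-256":
        for member in ("x", "y"):
            value = jwk.get(member)
            if not isinstance(value, str):
                continue
            try:
                raw = _b64url_decode(value)
            except ValueError:
                problems.append(f'JWK "{member}" is not valid base64url')
                continue
            if len(raw) != 32:
                problems.append(
                    f'JWK "{member}" must decode to 32 bytes, got {len(raw)}')
    return problems


def check_response(text: str) -> list:
    """Parse and validate; a parse failure is reported as the single problem."""
    obj, err = parse_response(text)
    if err is not None:
        return [err]
    return validate_response(obj)


if __name__ == "__main__":
    for name, text in (("NOT_JSON", NOT_JSON), ("QUOTED_CLAIMS", QUOTED_CLAIMS),
                       ("FIXED", FIXED)):
        print(name, check_response(text) or "OK")
```

The parse step is kept separate from the field checks on purpose: a response containing h'11' never reaches the type checks, which is the practical reason the diagnostic notation in the draft's examples matters to implementers who paste them into tests.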