[OAUTH-WG] MTLS vs. DPOP

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 07 May 2019 08:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/GO9-36zQOb5KTuTCx3Rf9zzC2co>

Hi all,

In the OAuth conference call today Vittorio mentioned that some folks are wondering whether DPOP is essentially a superset of MTLS and whether it makes sense to only proceed with one solution rather than potentially two.

I was wondering whether others in the group have a view about this aspect?

Ciao
Hannes
