[GNAP] security concerns / issues with data in URLs

Dick Hardt <dick.hardt@gmail.com> Wed, 18 November 2020 23:04 UTC

From: Dick Hardt <dick.hardt@gmail.com>
Date: Wed, 18 Nov 2020 15:03:57 -0800
Message-ID: <CAD9ie-v-y+R0Pv3K0KYtVe43AxJ8o89BXZ1vsrVYSJ3SS8Fa=Q@mail.gmail.com>
To: Aaron Parecki <aaron@parecki.com>
Cc: GNAP Mailing List <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007b42e805b469a21f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/FASyJUUHY36gz-QxqSOA-Q24dpA>
Subject: [GNAP] security concerns / issues with data in URLs

Hey Aaron,

In the WG meeting you referenced work in the OAuth WG about removing data
that is in URLs for security reasons. Would you elaborate on what you were
referring to?

/Dick