Discussion:
[OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-01.txt
i***@ietf.org
2017-05-26 20:26:24 UTC
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol of the IETF.

Title : Mutual TLS Profiles for OAuth Clients
Authors : Brian Campbell
          John Bradley
          Nat Sakimura
          Torsten Lodderstedt
Filename : draft-ietf-oauth-mtls-01.txt
Pages : 12
Date : 2017-05-26

Abstract:
This document describes Transport Layer Security (TLS) mutual
authentication using X.509 certificates as a mechanism for both OAuth
client authentication to the token endpoint as well as for sender
constrained access to OAuth protected resources.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-mtls-01
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Brian Campbell
2017-05-26 20:34:28 UTC
A new draft of "Mutual TLS Profiles for OAuth Clients" has been
published. The changes from the previous version are summarized below.


draft-ietf-oauth-mtls-01
<https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-01>

o Added more explicit details of using RFC 7662
  <https://datatracker.ietf.org/doc/html/rfc7662> token introspection
  with mutual TLS sender constrained access tokens.
o Added an IANA OAuth Token Introspection Response Registration
  request for "cnf".
o Specify that tls_client_auth_subject_dn and
  tls_client_auth_root_dn are RFC 4514
  <https://datatracker.ietf.org/doc/html/rfc4514> String Representation
  of Distinguished Names.
o Changed tls_client_auth_issuer_dn to tls_client_auth_root_dn.
o Changed the text in the Section 3
  <https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-01#section-3>
  to not be specific about using a hash of the cert.
o Changed the abbreviated title to 'OAuth Mutual TLS' (previously
  was the acronym MTLSPOC).




Takahiko Kawasaki
2017-06-12 11:33:25 UTC
Hello,

I'm sorry for this FAQ but where can I make comments for the draft of
"Mutual TLS Profiles for OAuth Clients"?

I found a trivial editorial issue in the last paragraph in "3. Mutual TLS
Sender Constrained Resources Access". The second 'that' in "... verify that
the that certificate matches ..." should be removed (= that part should be
"... verify that the certificate matches ..."). Is it enough to mention it
in this mailing list like this?

Best Regards,
Takahiko Kawasaki
Brian Campbell
2017-06-12 11:57:21 UTC
Thanks Takahiko, mentioning it on the list is enough. I've fixed it in the
editors' draft
https://github.com/ietf-oauth-mtls/i-d/commit/c6725e30dd1dc2f77aa293bce7fd1849713ed406
Takahiko Kawasaki
2017-06-15 18:18:48 UTC
Dear Brian,

Thank you for having fixed it.

I don't think my name should be listed in the document just for this,
though. It's too unbalanced considering others' contribution...

Best,
Taka