Hi,
In performing my shephard review of draft-ietf-oauth-pop-architecture I
found one issue that was bugging me: you talk about target naming "too
late" in the draft. I.e., as I was reading through section 3.1 about
token reuse I think it doesn't have enough detail about how you would
prevent server A asking the client for a token for a resource of server
B, and then server A acting as the client for server B? I.e., how do
you prevent server A acting as a MITM between the client and server B?
(This is sort of the same question that resulted in TLS channel
bindings).
I know this target (scope) protection exists, and it's even discussed a
bit later in the document but it's not even mentioned as a possible
threat in 3.1, which seems like a glaring ommission.
I'll create a more formal shephard review but I'd suggest some
additional text to at least mention this threat in 3.1; you can provide
a pointer to the protections then, too.
-derek
--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
