One more thing I just noticed is that RFC8418 is used as a reference in a few places that I suspect should be RFC8414.
https://tools.ietf.org/html/rfc8418 : Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm with X25519 and X448 in the Cryptographic Message Syntax (CMS) https://tools.ietf.org/html/rfc8414 : OAuth 2.0 Authorization Server Metadata On Tue, Jul 23, 2019 at 5:19 AM Daniel Fett <danielf+oa...@yes.com> wrote: > Thanks Brian, I committed a fix for this. > > -Daniel > > Am 22.07.19 um 20:36 schrieb Brian Campbell: > > The description of I-D.ietf-oauth-mtls in > https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-4..8.1.2 > <https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-4.8..1.2> > talks about binding to and checking against the fingerprint of the public > key from the client certificate. However, > https://tools.ietf.org/html/draft-ietf-oauth-mtls-15 uses a hash of the > whole certificate rather than of just the public key. > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited... > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.* > > _______________________________________________ > OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
