Hi, I have read the document and have no concerns.
As editorial feedback, I would suggest dropping "If implemented correctly," in the abstract, since this apparently is a prerequisite for all kinds of security controls ;-)

best regards,
Torsten.

> On 01.05.2021 at 22:47, Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote:
>
> All,
>
> We have not seen any comments on this document.
> Can you please review the document and provide feedback, or indicate that you
> have reviewed the document and have no concerns.
>
> Regards,
> Rifaat & Hannes
>
>> On Thu, Apr 15, 2021 at 3:04 AM Karsten Meyer zu Selhausen
>> <karsten.meyerzuselhau...@hackmanit.de> wrote:
>> Hi all,
>>
>> the latest version of the security BCP references
>> draft-ietf-oauth-iss-auth-resp-00 as a countermeasure to mix-up attacks.
>>
>> There have not been any concerns with the first WG draft version so far:
>> https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/
>>
>> I would like to ask the WG if there are any comments on or concerns with the
>> current draft version.
>>
>> Otherwise I hope we can move forward with the next steps and hopefully
>> finish the draft before/with the security BCP.
>>
>> Best regards,
>> Karsten
>>
>> --
>> Karsten Meyer zu Selhausen
>> Senior IT Security Consultant
>> Phone: +49 (0)234 / 54456499
>> Web: https://hackmanit.de | IT Security Consulting, Penetration Testing,
>> Security Training
>>
>> Is your OAuth or OpenID Connect client vulnerable to the severe impacts of
>> mix-up attacks? Learn how to protect your client in our latest blog post on
>> single sign-on:
>> https://www.hackmanit.de/en/blog-en/132-how-to-protect-your-oauth-client-against-mix-up-attacks
>>
>> Hackmanit GmbH
>> Universitätsstraße 60 (Exzenterhaus)
>> 44789 Bochum
>>
>> Court of registration: Amtsgericht Bochum, HRB 14896
>> Managing directors: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr.
>> Christian Mainka, Dr. Marcus Niemietz
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth