Hi,

I have read the document and have no concerns.

As editorial feedback, I would suggest dropping "If implemented correctly," 
in the abstract since this apparently is a prerequisite for all kinds of 
security controls ;-)

best regards,
Torsten.

> On 01.05.2021 at 22:47, Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote:
> 
> 
> All,
> 
> We have not seen any comments on this document.
> Can you please review the document and provide feedback, or indicate that you 
> have reviewed the document and have no concerns.
> 
> Regards,
>  Rifaat & Hannes
> 
> 
>> On Thu, Apr 15, 2021 at 3:04 AM Karsten Meyer zu Selhausen 
>> <karsten.meyerzuselhau...@hackmanit.de> wrote:
>> Hi all,
>> 
>> the latest version of the security BCP references 
>> draft-ietf-oauth-iss-auth-resp-00 as a countermeasure to mix-up attacks.
>> 
>> There have not been any concerns with the first WG draft version so far: 
>> https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/
>> 
>> I would like to ask the WG if there are any comments on or concerns with the 
>> current draft version.
>> 
>> Otherwise I hope we can move forward with the next steps and hopefully 
>> finish the draft before/with the security BCP.
>> 
>> Best regards,
>> Karsten
>> 
>> -- 
>> Karsten Meyer zu Selhausen
>> Senior IT Security Consultant
>> Phone:       +49 (0)234 / 54456499
>> Web: https://hackmanit.de | IT Security Consulting, Penetration Testing, 
>> Security Training
>> 
>> Is your OAuth or OpenID Connect client vulnerable to the severe impacts of 
>> mix-up attacks? Learn how to protect your client in our latest blog post on 
>> single sign-on:
>> https://www.hackmanit.de/en/blog-en/132-how-to-protect-your-oauth-client-against-mix-up-attacks
>> 
>> Hackmanit GmbH
>> Universitätsstraße 60 (Exzenterhaus)
>> 44789 Bochum
>> 
>> Registration court: Amtsgericht Bochum, HRB 14896
>> Managing directors: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. 
>> Christian Mainka, Dr. Marcus Niemietz
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
