Hi all,

I reviewed the document and have no objections. I think we can move
forward with the next steps.

Best regards
Vladislav Mladenov


On 09.05.21 at 12:11, Torsten Lodderstedt wrote:
> Hi,
>
> I have read the document and have no concerns.
>
> As editorial feedback, I would suggest dropping "If implemented
> correctly," in the abstract, since this apparently is a prerequisite
> for all kinds of security controls ;-)
>
> best regards,
> Torsten.
>
>> On 01.05.2021 at 22:47, Rifaat Shekh-Yusef
>> <rifaat.s.i...@gmail.com> wrote:
>>
>> All,
>>
>> We have not seen any comments on this document.
>> Can you please review the document and provide feedback, or indicate
>> that you have reviewed the document and have no concerns.
>>
>> Regards,
>>  Rifaat & Hannes
>>
>>
>> On Thu, Apr 15, 2021 at 3:04 AM Karsten Meyer zu Selhausen
>> <karsten.meyerzuselhau...@hackmanit.de> wrote:
>>
>>     Hi all,
>>
>>     the latest version of the security BCP references
>>     draft-ietf-oauth-iss-auth-resp-00 as a countermeasure to mix-up
>>     attacks.
>>
>>     There have not been any concerns with the first WG draft version
>>     so far:
>>     https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/
>>
>>     I would like to ask the WG if there are any comments on or
>>     concerns with the current draft version.
>>
>>     Otherwise I hope we can move forward with the next steps and
>>     hopefully finish the draft before/with the security BCP.
>>
>>     Best regards,
>>     Karsten
>>
>>     -- 
>>     Karsten Meyer zu Selhausen
>>     Senior IT Security Consultant
>>     Phone:   +49 (0)234 / 54456499
>>     Web:     https://hackmanit.de | IT Security Consulting, Penetration Testing, Security Training
>>
>>     Is your OAuth or OpenID Connect client vulnerable to the severe impacts
>>     of mix-up attacks? Learn how to protect your client in our latest blog post
>>     on single sign-on:
>>     https://www.hackmanit.de/en/blog-en/132-how-to-protect-your-oauth-client-against-mix-up-attacks
>>
>>     Hackmanit GmbH
>>     Universitätsstraße 60 (Exzenterhaus)
>>     44789 Bochum
>>
>>     Registration court: Amtsgericht Bochum, HRB 14896
>>     Managing directors: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky,
>>     Dr. Christian Mainka, Dr. Marcus Niemietz
>>
>>     _______________________________________________
>>     OAuth mailing list
>>     OAuth@ietf.org
>>     https://www.ietf.org/mailman/listinfo/oauth
>

-- 
Dr.-Ing. Vladislav Mladenov

Horst Görtz Institute for IT-Security 
Chair for Network and Data Security 
Ruhr-University Bochum, Germany

Universitätsstr. 150, ID 2/457
D-44801 Bochum, Germany
http://www.nds.rub.de

Phone: (+49) (0)234 / 32 - 26742
Fax: (+49) (0)234 / 32 - 14347
