I presented this issue to the IESG at the informal meeting this morning.
They agreed that a narrowly focused document explaining the issues and the
mitigations for all the relevant RFCs is the most expedient option.   So,
proceed on.

They also agreed that expediting this draft would be a good thing.

Note:  while the informal meetings are not public, they are minuted.  I can
point back to these in the case that ADs forget what was agreed.  There are
other techniques that the IESG uses to 'set the stage' for a draft.

Deb

On Sat, Apr 26, 2025 at 12:39 AM Michael Jones <michael_b_jo...@hotmail.com>
wrote:

> The new introduction text at
> https://www.ietf.org/archive/id/draft-ietf-oauth-rfc7523bis-01.html#name-introduction
> is intended to make this clear.
>
> Thanks,
> -- Mike
>
> *From:* Watson Ladd <watsonbl...@gmail.com>
> *Sent:* Thursday, April 24, 2025 3:08 PM
> *To:* Deb Cooley <debcool...@gmail.com>
> *Cc:* Brian Campbell <bcampbell=40pingidentity....@dmarc.ietf.org>; IETF
> oauth WG <oauth@ietf.org>
> *Subject:* [OAUTH-WG] Re: Updates to RFC 7523
>
> On Thu, Apr 24, 2025, 3:02 PM Deb Cooley <debcool...@gmail.com> wrote:
>
> So, I went back and looked at the OAUTH 122 meetings, and I was at that
> session (in my defense it was on Friday and Ben will remember what that's
> like).  So apologies....
>
>
>
> I will go back and re-look at the facts, and I do, in fact, have it as a
> topic on the informal next week.
>
>
>
> So in any case, it will be sorted by next Thursday.  And once the wg
> thinks it is ready to go, we can expedite on the IESG/RFC Editor end.
>
>
>
> If the only thing we're doing is fixing this one security problem, a few
> editorial bits might want changing to make that clearer.
>
>
>
> Deb
>
> On Thu, Apr 24, 2025 at 7:51 AM Deb Cooley <debcool...@gmail.com> wrote:
>
> I was at the OAUTH interim where this was discussed.  I did feel like the
> current course was more straightforward for those implementing.  [if this
> was discussed at 122, my memory fails me]
>
>
>
> As a caution, I have added this issue to the next IESG informal meeting.
> I will relay the result of that discussion here.
>
>
>
> Deb
>
> On Wed, Apr 23, 2025 at 3:31 PM Brian Campbell <bcampbell=
> 40pingidentity....@dmarc.ietf.org> wrote:
>
> I commented on, and approved, the PR but will say on-list here for
> posterity that, even from a structural standpoint, I think that it'd be
> more straightforward to build up from
> https://datatracker.ietf.org/doc/html/draft-campbell-oauth-rfc7523redux
> (acknowledging it's little more than an outline currently) rather than
> reworking/working from the current xml
> <https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis/blob/ae2bb070cd1624881ceffdafcaf631cabe54c57b/draft-ietf-oauth-rfc7523bis.xml>.
> But to the extent things are moving in that direction, I'm good with it.
>
>
>
> On Tue, Apr 22, 2025 at 1:04 PM Brian Campbell <bcampb...@pingidentity.com>
> wrote:
>
>
>
> On Tue, Apr 22, 2025 at 1:01 PM Benjamin Kaduk <ka...@mit.edu> wrote:
>
>  I hope we don't end up with a "late surprise" later on.
>
>
>
> Yeah, me too.
>
>
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-le...@ietf.org