[OAUTH-WG] Re: Status List Feature Request

2025-02-26 Thread Brian Campbell 
I concur with Filip's perspective.

On Wed, Feb 26, 2025, 4:21 PM Filip Skokan  wrote:

> I believe it is inappropriate and wildly out of scope for an oauth
> document to define X.509 extensions, which IIUC is needed in order to
> define the Status Claim for X.509? The important thing to make sure is that
> the document does not preclude a future X.509 extension being drafted
> (wherever its appropriate place may be) that makes use of the status list,
> and that already appears to be the case.
>
> S pozdravem,
> *Filip Skokan*
>
>
> On Fri, 7 Feb 2025 at 14:57, Christian Bormann  40gmx...@dmarc.ietf.org> wrote:
>
>> Hi all,
>>
>>
>>
>> While going through the feedback and issues on github, there was one
>> bigger discussion point that we would like to bring to the mailing list.
>> Steffen Schwalm asked for support for X.509 Certificate revocation with the
>> Status List - in that case the Status List describing the status of an
>> X.509 Certificate (relevant issue
>> https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/243).
>> That would mean defining an extension to X.509 to embed the relevant
>> information for a Status List (URI and index) and creating validation rules
>> etc.
>>
>>
>>
>> While we understand the general motivation as is discussed in more detail
>> in the issue, it would be somewhat of a change of scope for the Status List
>> draft. We felt it might be out of scope of the OAuth Working Group and
>> rather in scope of other working groups like lamps? Any
>> comments/opinions would be appreciated!
>>
>>
>>
>> Best Regards,
>>
>> Christian Bormann
>> ___
>> OAuth mailing list -- oauth@ietf.org
>> To unsubscribe send an email to oauth-le...@ietf.org
>>
> ___
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-le...@ietf.org
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
___
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

[OAUTH-WG] Re: IETF122 Call for topics

2025-02-26 Thread Atul Tulshibagwale 
I'd like to request about 15 minutes to discuss Transaction Tokens.

On Fri, Feb 21, 2025 at 11:57 AM Michael Jones 
wrote:

> I request 20 minutes to discuss draft-ietf-oauth-rfc7523bis.  Either
> session would be fine.
>
>
>
> Thanks,
>
> -- Mike
>
>
>
> *From:* Rifaat Shekh-Yusef 
> *Sent:* Sunday, February 16, 2025 6:51 AM
> *To:* oauth 
> *Subject:* [OAUTH-WG] Re: IETF122 Call for topics
>
>
>
> As per the preliminary agenda, the two OAuth WG sessions:
>
> 1. Tuesday at 13:00 - 15:00
>
> 2. Friday at 09:30 - 11:30
>
>
>
> Make sure to send us your topics as soon as possible.
>
>
>
> Regards,
>
>  Rifaat & Hannes
>
>
>
>
>
> On Sun, Feb 9, 2025 at 2:10 PM Rifaat Shekh-Yusef 
> wrote:
>
> All,
>
>
>
> Let us know if you have any topics that you would like to discuss in
> Bangkok.
>
> As a reminder, this time we have somewhat limited time compared to
> previous IETF meetings, because we requested *two sessions* only.
>
> So, make sure to send us your topics as soon as possible to make sure you
> get enough time to discuss your topic.
>
>
>
> Regards,
>
>  Rifaat & Hannes
>
>
>
> ___
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-le...@ietf.org
>
___
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

[OAUTH-WG] Re: Status List Feature Request

2025-02-26 Thread Michael Jones 
X.509 already has its own revocation infrastructure (in fact, more than one 
kind!).  We needn’t complicate this spec to add another one for X.509.

-- Mike

From: Brian Campbell 
Sent: Wednesday, February 26, 2025 4:46 PM
To: Filip Skokan 
Cc: Christian Bormann ; oauth 

Subject: [OAUTH-WG] Re: Status List Feature Request

I concur with Filip's perspective.
On Wed, Feb 26, 2025, 4:21 PM Filip Skokan 
mailto:panva...@gmail.com>> wrote:
I believe it is inappropriate and wildly out of scope for an oauth document to 
define X.509 extensions, which IIUC is needed in order to define the Status 
Claim for X.509? The important thing to make sure is that the document does not 
preclude a future X.509 extension being drafted (wherever its appropriate place 
may be) that makes use of the status list, and that already appears to be the 
case.

S pozdravem,
Filip Skokan


On Fri, 7 Feb 2025 at 14:57, Christian Bormann 
mailto:40gmx...@dmarc.ietf.org>> wrote:
Hi all,

While going through the feedback and issues on github, there was one bigger 
discussion point that we would like to bring to the mailing list. Steffen 
Schwalm asked for support for X.509 Certificate revocation with the Status List 
- in that case the Status List describing the status of an X.509 Certificate 
(relevant issue 
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/243). That 
would mean defining an extension to X.509 to embed the relevant information for 
a Status List (URI and index) and creating validation rules etc.

While we understand the general motivation as is discussed in more detail in 
the issue, it would be somewhat of a change of scope for the Status List draft. 
We felt it might be out of scope of the OAuth Working Group and rather in scope 
of other working groups like lamps? Any comments/opinions would be appreciated!

Best Regards,
Christian Bormann
___
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to 
oauth-le...@ietf.org
___
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to 
oauth-le...@ietf.org

CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
e-mail and delete the message and any file attachments from your computer. 
Thank you.
___
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

[OAUTH-WG] Re: Status List Feature Request

2025-02-26 Thread Filip Skokan 
I believe it is inappropriate and wildly out of scope for an oauth document
to define X.509 extensions, which IIUC is needed in order to define
the Status Claim for X.509? The important thing to make sure is that the
document does not preclude a future X.509 extension being drafted (wherever
its appropriate place may be) that makes use of the status list, and that
already appears to be the case.

S pozdravem,
*Filip Skokan*


On Fri, 7 Feb 2025 at 14:57, Christian Bormann  wrote:

> Hi all,
>
>
>
> While going through the feedback and issues on github, there was one
> bigger discussion point that we would like to bring to the mailing list.
> Steffen Schwalm asked for support for X.509 Certificate revocation with the
> Status List - in that case the Status List describing the status of an
> X.509 Certificate (relevant issue
> https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/243).
> That would mean defining an extension to X.509 to embed the relevant
> information for a Status List (URI and index) and creating validation rules
> etc.
>
>
>
> While we understand the general motivation as is discussed in more detail
> in the issue, it would be somewhat of a change of scope for the Status List
> draft. We felt it might be out of scope of the OAuth Working Group and
> rather in scope of other working groups like lamps? Any comments/opinions
> would be appreciated!
>
>
>
> Best Regards,
>
> Christian Bormann
> ___
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-le...@ietf.org
>
___
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

[OAUTH-WG] Re: Status List Feature Request

2025-02-26 Thread Hannes Tschofenig 

(chair hat off)

Hi Filip, Hi all,

this sounds like feature creep to me. I brought this work on status 
lists to the attention of the IETF LAMPS group, and there was zero 
interest from the PKI community in this type of solution. The PKIX 
community already has a wide range of established solutions for 
revocation and status checking.


Steffen could propose such an extension within LAMPS, if he cares about 
it. LAMPS is the place to define extensions to X.509 certificates.


Ciao
Hannes


Am 26.02.2025 um 17:18 schrieb Filip Skokan:
I believe it is inappropriate and wildly out of scope for an oauth 
document to define X.509 extensions, which IIUC is needed in order to 
define the Status Claim for X.509? The important thing to make sure is 
that the document does not preclude a future X.509 extension being 
drafted (wherever its appropriate place may be) that makes use of the 
status list, and that already appears to be the case.


S pozdravem,
*Filip Skokan*


On Fri, 7 Feb 2025 at 14:57, Christian Bormann 
 wrote:


Hi all,

While going through the feedback and issues on github, there was
one bigger discussion point that we would like to bring to the
mailing list. Steffen Schwalm asked for support for X.509
Certificate revocation with the Status List - in that case the
Status List describing the status of an X.509 Certificate
(relevant issue
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/243).
That would mean defining an extension to X.509 to embed the
relevant information for a Status List (URI and index) and
creating validation rules etc.

While we understand the general motivation as is discussed in more
detail in the issue, it would be somewhat of a change of scope for
the Status List draft. We felt it might be out of scope of the
OAuth Working Group and rather in scope of other working groups
like lamps? Any comments/opinions would be appreciated!

Best Regards,

Christian Bormann

___
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org


___
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org


___
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org