Re: [OAUTH-WG] WGLC for DPoP Document

2022-04-11 Thread Brian Campbell
Thanks Nat, on 5: Server authentication was kind of assumed throughout the draft due to HTTPS being required but I think you're right that it might be good to add something more explicit about it. I'll add something towards that end in the next revision. on 3/4: I kind of liked the one line "cnf"

Re: [OAUTH-WG] Regarding iat and nonce in DPoP Proofs

2022-04-11 Thread Brian Campbell
Hello Filip, Jacob, co-authors, and WG participants, Apologies from myself and fellow co-authors for the slow response. I was on family vacation for much of WGLC and am slowly catching up. Anyway, yeah, I definitely believe that one of the intentions when adding the nonce was to allow the server

Re: [OAUTH-WG] WGLC for DPoP Document

2022-04-11 Thread John Bradley
I support publication. John Bradley -- Original Message -- From: "Nat Sakimura" To: "Rifaat Shekh-Yusef" ; "oauth" Sent: 4/7/2022 10:37:21 PM Subject: Re: [OAUTH-WG] WGLC for DPoP Document Thanks for an excellent work. I am happy that the public key confirmation method in JPOP [1]

Re: [OAUTH-WG] Security BCP Review

2022-04-11 Thread Daniel Fett
Hi Rifaat, On 14.02.22 at 22:26, Rifaat Shekh-Yusef wrote: As part of the preparation for the shepherd write-up, I reviewed the document and have the following comments: https://www.ietf.org/archive/id/draft-ietf-oauth-security-topics-19.html