--
Karsten Meyer zu Selhausen
Senior IT Security Consultant
Phone: +49 (0)234 / 54456499
Web: https://hackmanit.de | IT Security Consulting, Penetration Testing,
Security Training
RuhrSec 2025 // The IT Secu
en the message structure is not the same as in
draft-sakimura-oauth-wmrm. Is that an omission or intentional?
Best regards,
*Filip Skokan*
On Wed, 10 Jan 2024 at 09:37, Karsten Meyer zu Selhausen | Hackmanit wrote:
Hello Filip,
our draft covers and is compatible with what's called "simple
mode" (bo
We think it would be very helpful for implementers and developers
to specify a secure standard for a postMessage API-based response
mode.
Best regards,
Karsten
On 23.11.2023 10:11, Karsten Meyer zu Selhausen | Hackmanit wrote:
Hi everyone,
at the last OSW the topic of a response mode based on the postMessage
API came up. This approach is already used by multiple parties (e.g.,
G
ever, there have not been any changes to its contents. What are the
plans of the authors for this draft?
Best regards
Karsten
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
lications.
Evert
[1]: https://github.com/badgateway/oauth2-client
The referenced draft has, however, expired:
https://www.ietf.org/archive/id/draft-bradley-oauth-jwt-encoded-state-09.txt
Ciao
Hannes
--
Yannick Majoros
Valuya sprl
application trust that stored information more
than the redirect_uri, both needing validation anyway?
Could be me, but I'm not seeing a solution for my problem yet.
On Tue, 7 Mar 2023 at 09:55, Karsten Meyer zu Selhausen wrote:
- In a context where all redirect URIs are under ou
--
Regards and Best Wishes
Jaimandeep Singh
LinkedIn <http://www.linkedin.com/in/jaimandeep-singh-07834b1b7>
021 at 20:59, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 Authorization Server Issuer Identification
Authors
not
really a consideration in the way that the rest of the section is.
; so section 6 should be deleted (if there were acks they
should go into an unnumbered section at the end of the document)
We added missing Acks and moved them to the appendix.
Kind regards,
Neil
--
https://danielfett.de
rsion of the draft to
allow me to progress it?
Regards,
Rifaat
On Mon, Sep 6, 2021 at 6:50 AM Karsten Meyer zu Selhausen wrote:
Hi Rifaat,
thank you for the shepherd's review.
Those are valid comments. We will have a
lready been filed.
Please, reply to this email on the mailing list and indicate if
you are aware of any IPRs associated with this document.
Regards,
Rifaat
Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 Authorization Server Issuer Identification
Authors : Karsten Meyer zu Selhausen
he document and have no concerns.
Regards,
Rifaat & Hannes
On Thu, Apr 15, 2021 at 3:04 AM Karsten Meyer zu Selhausen wrote:
Hi all,
the latest version of the security BCP references
draft-ietf-oauth
the WG if there are any comments on or concerns with
the current draft version.
Otherwise I hope we can move forward with the next steps and hopefully
finish the draft before/with the security BCP.
Best regards,
Karsten
Authorization Response
Authors : Karsten Meyer zu Selhausen
Daniel Fett
Filename: draft-ietf-oauth-iss-auth-resp-00.txt
Pages : 10
Date: 2021-01-06
Abstract:
This document specifies a new parameter "iss"
aft-meyerzuselhausen-oauth-iss-auth-resp/>
Please, provide your feedback on the mailing list by Dec 22nd.
Regards,
Rifaat & Hannes
Subject: New Version Notification for
draft-meyerzuselhausen-oauth-iss-auth-resp-02.txt
Date: Tue, 17 Nov 2020 03:42:02 -0800
From: internet-dra...@ietf.org
To: Karsten zu Selhausen, Daniel Fett, Karsten Meyer zu Selhausen
A new version of I-D, draft-meyerzuselhausen-oauth-iss-auth
Sun, 01 Nov 2020 23:31:42 -0800
From: internet-dra...@ietf.org
To: Karsten Meyer zu Selhausen, Karsten zu Selhausen, Daniel Fett
A new version of I-D, draft-meyerzuselhausen-oauth-iss-auth-resp-01.txt
has been successfully submitted by Karsten Meyer zu Selhausen and posted
to
"mix-up" attacks.
The need for a proper specification of the "iss" parameter was discussed
in this thread:
https://mailarchive.ietf.org/arch/msg/oauth/DQR2ZXtGKfa-8UGtuPYyZoAaBIc/
Best regards,
Karsten
at 08:20, Karsten Meyer zu Selhausen wrote:
>>
>> Hi all,
>>
>> I think we all agree that proper countermeasures against mix-up attacks should
>> definitely be part of the BCP and 2.1 due to the severe impact successful
>> mix-up attacks have.
ocument:
> https://www.ietf.org/id/draft-ietf-oauth-par-03.html
>
> Please, take a look and provide feedback on the list by *August 25th.*
>
> Regards,
> Rifaat & Hannes
authorization request to and bind this information to the user agent and
check that the authorization request was received from the correct
authorization server." -> "Clients MUST store the authorization server
they sent an authorization request to and bind this information to the
user a
asure described in the BCP
(adding an AS identifier and the client_id of the intended recipient to
AS's responses) should be used to prevent Mix-Up attacks. If the
involved entities use the OIDC hybrid flow this countermeasure is
automatically applied.
Did we miss anything? Or what is your opinion
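As an added example (not code from the draft, the security BCP, or any of the messages above), the following Python shows how a client can implement the countermeasure described here: it records which authorization server each request was sent to, keyed by the `state` value bound to the user agent, and rejects any authorization response whose `iss` parameter does not name that server. The issuer URLs, the redirect URL and the `pending` dictionary that stands in for the client's session store are constructed for the illustration. Only `iss` is checked, which is what RFC 9207 (the published form of draft-ietf-oauth-iss-auth-resp) ended up specifying; the `client_id` echo mentioned in the message above is not part of that RFC, so it is left out.

```python
"""Mix-up defence for an OAuth 2.0 client: bind each authorization request to
the AS it was sent to and verify the AS identifier ("iss") in the response.
Example code written for this page; the URLs and the session store are made up."""
import secrets
from urllib.parse import parse_qs, urlsplit


class MixUpError(Exception):
    """Raised when an authorization response cannot be tied to the AS we contacted."""


def begin_authorization(pending, issuer):
    """Record which AS this request goes to, keyed by a fresh, unguessable state.

    `pending` stands in for the client's per-user-agent session store (an
    assumption: in a real client it is bound to the browser session, e.g. via a
    cookie), so an attacker cannot substitute another user's pending request.
    """
    state = secrets.token_urlsafe(32)
    pending[state] = {"iss": issuer}
    return state


def _single(params, name):
    """Return the parameter's single value; None if absent; error if repeated."""
    values = params.get(name)
    if values is None:
        return None
    if len(values) != 1:
        raise MixUpError(f"parameter {name!r} repeated in the response")
    return values[0]


def validate_authorization_response(pending, redirect_url):
    """Accept the response only if its state is known and iss matches the stored AS.

    The state entry is consumed on first use, so neither a replay of the same
    response nor a second response for another AS can reuse it.
    """
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)
    state = _single(params, "state")
    if state is None:
        raise MixUpError("response lacks state")
    entry = pending.pop(state, None)  # one-shot: consumed even if later checks fail
    if entry is None:
        raise MixUpError("unknown or already used state")
    iss = _single(params, "iss")
    if iss is None:
        # A client that knows its AS sends iss must treat a missing iss as an attack.
        raise MixUpError("response lacks iss")
    if iss != entry["iss"]:
        raise MixUpError(f"response from {iss!r}, but request went to {entry['iss']!r}")
    error = _single(params, "error")
    if error is not None:
        return {"iss": iss, "error": error}
    code = _single(params, "code")
    if code is None:
        raise MixUpError("successful response without code")
    return {"iss": iss, "code": code}


def demo():
    """Run an honest flow and a mix-up attempt.

    In the mix-up, the client started the flow with the attacker's AS, but the
    code that arrives under that state was issued by the honest AS (which sends
    iss=honest). Returns (honest_flow_ok, mixup_detected).
    """
    honest = "https://honest-as.example"      # constructed issuer
    attacker = "https://attacker-as.example"  # constructed issuer
    pending = {}

    s1 = begin_authorization(pending, honest)
    result = validate_authorization_response(
        pending, f"https://client.example/cb?code=abc&state={s1}&iss={honest}")

    s2 = begin_authorization(pending, attacker)
    try:
        validate_authorization_response(
            pending, f"https://client.example/cb?code=xyz&state={s2}&iss={honest}")
        detected = False
    except MixUpError:
        detected = True
    return result["code"] == "abc", detected


if __name__ == "__main__":
    print(demo())
```

The check works because the honest AS redirects the user agent straight back to the client, so the attacker cannot strip or rewrite `iss` in that response, while any response the attacker's own AS fabricates with `iss` set to the honest issuer fails against the issuer stored for that `state`.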