Re: [OAUTH-WG] Formal security protocol analysis of OAuth 2.0

2011-05-16 Thread Mark Mcgloin
> Mark, Many thanks for posting this. I am thinking of the next step. This paper proposes to use the Password-Based Asymmetric Key Exchange protoco

Re: [OAUTH-WG] Formal security protocol analysis of OAuth 2.0

2011-05-16 Thread Mark Mcgloin
Hi Igor, comments inline below. Igor Faynberg wrote on 16/05/2011 09:02:25:

Re: [OAUTH-WG] Formal security protocol analysis of OAuth 2.0

2011-05-16 Thread Igor Faynberg
Mark, Many thanks for posting this. I am thinking of the next step. This paper proposes to use the Password-Based Asymmetric Key Exchange protocol. Many messages ago, I had proposed to use the Password-Based DH key exchange for the symmetric key generation. Another option is to mandate som

Re: [OAUTH-WG] Formal security protocol analysis of OAuth 2.0

2011-05-16 Thread Igor Faynberg
The approach looks right to me; the key is that the 1.0 state machine is rather simple. A priori, I don't see the 2.0 as more complex (even though it involves an additional machine), and I think it should be straightforward to build the machine and run the reachability analysis on the system

Re: [OAUTH-WG] Formal security protocol analysis of OAuth 2.0

2011-05-15 Thread Francisco Corella
> We wrote a security analysis of double redirection protocols tha

Re: [OAUTH-WG] Formal security protocol analysis of OAuth 2.0

2011-05-14 Thread Mark Mcgloin
> We wrote a security analysis of double redirection protocols that has a section on OAuth 2.0 as of draft 11. You can find it at http://pomcor.com/techreports/DoubleRedirection.pdf

Re: [OAUTH-WG] Formal security protocol analysis of OAuth 2.0

2011-05-13 Thread Doug Tangren
-Doug Tangren http://lessis.me On Fri, May 13, 2011 at 12:58 PM, Francisco Corella wrote: > We wrote a security analysis of double redirection protocols that has a section on OAuth 2.0 as of draft 11. You can find it at http://pomcor.com/techreports/DoubleRedirection.pdf Wow, this looks

Re: [OAUTH-WG] Formal security protocol analysis of OAuth 2.0

2011-05-13 Thread Francisco Corella
We wrote a security analysis of double redirection protocols that has a section on OAuth 2.0 as of draft 11. You can find it at http://pomcor.com/techreports/DoubleRedirection.pdf Francisco --- On Fri, 5/13/11, Mark Mcgloin wrote: From: Mark Mcgloin Subject: [OAUTH-WG] Formal security proto