Thanks everyone for the update! Having a clear distinction between the
PKIX vs public key bound methods will help interop, implementers' job,
and it also appears good for security.
Questions:
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-03#section-2.3
> where the X.509 certificate
In terms of structure, I would like to suggest giving PKI bound auth and
pub key bound mTLS auth their own sections, instead of having them in
one section (2.1 as it is now).
The two methods are distinctive enough, and implementers should easily
recognise they can implement just one of them.
Vlad
Thanks for the review, Vladimir.
The text about which you have questions was written by Torsten (credit or
blame where it's due!) but I believe he's out of the office for a bit so
I'll try and answer.
Your 1st question:
I've had the same thought regarding the public key method and using the JWK
x
A fair suggestion and we'll see what can be done to make the distinction
more clear.
On Wed, Aug 2, 2017 at 2:02 AM, Vladimir Dzhuvinov wrote:
> In terms of structure, I would like to suggest giving PKI bound auth and
> pub key bound mTLS auth their own sections, instead of having them in
> one
Hello, I'd like to join the mailing list for Android. Thanks a lot.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Not sure of the status at this point (it is expired) but the
draft-ietf-oauth-closing-redirectors WG document in
https://tools.ietf.org/html/draft-ietf-oauth-closing-redirectors-00#section-2.3
suggests using the Content Security Policy header to limit the information
sent in the referer something l
Use the following link to subscribe:
https://www.ietf.org/mailman/listinfo/oauth
Regards,
Rifaat
On Wednesday, August 2, 2017, Bone Bizz wrote:
> Hello, I'd like to join the mailing list for Android. Thanks a lot.
>