Re: [OAUTH-WG] Genart last call review of draft-ietf-oauth-jwt-bcp-04

Hi Brian, Thank you for your review! Your comments are addressed by the following commit: https://github.com/yaronf/I-D/commit/d00674b352f6e1323da8c5b6600f1f0d7e9b64b1 Please let us know if any issues remain. Best, Yaron On 30/03/2019 23:51, Brian Carpenter via Datatracker wrote: R

[OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-jwt-bcp-05.txt

, Dick Hardt , Yaron Sheffer , Michael Jones A new version of I-D, draft-ietf-oauth-jwt-bcp-05.txt has been successfully submitted by Yaron Sheffer and posted to the IETF repository. Name: draft-ietf-oauth-jwt-bcp Revision: 05 Title: JSON Web Token Best Current

[OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-jwt-bcp-06.txt

2019 11:08:00 -0700 From: internet-dra...@ietf.org To: Michael B. Jones , Dick Hardt , Yaron Sheffer , Michael Jones A new version of I-D, draft-ietf-oauth-jwt-bcp-06.txt has been successfully submitted by Yaron Sheffer and posted to the IETF repository. Name: draft-ietf-oauth-jwt-bc

Re: [OAUTH-WG] Martin Vigoureux's No Objection on draft-ietf-oauth-jwt-bcp-06: (with COMMENT)

-- COMMENT: -- Hello, thank you for this document. I wonder whether [nist-sp-800-56a-r3] should be a normative reference. Thanks -m Correct, as it is used

Re: [OAUTH-WG] Adam Roach's Discuss on draft-ietf-oauth-jwt-bcp-06: (with DISCUSS and COMMENT)

-- DISCUSS: -- Thanks for everyone who worked to get this document out the door. I found it to be well-organized and easy to read. -

[OAUTH-WG] FW: New Version Notification for draft-ietf-oauth-jwt-bcp-07.txt

xt has been successfully submitted by Yaron Sheffer and posted to the IETF repository. Name: draft-ietf-oauth-jwt-bcp Revision: 07 Title: JSON Web Token Best Current Practices Document date: 2019-10-13 Group: oauth Pages:

Re: [OAUTH-WG] Benjamin Kaduk's Discuss on draft-ietf-oauth-jwt-bcp-06: (with DISCUSS and COMMENT)

Hi Ben, Sorry the responding to you retroactively (and with such delay). As you can imagine, most of the changes in the latest version are related to your review. See below for detailed comments. Thanks, Yaron On 25/06/2019, 2:20, "Benjamin Kaduk via Datatracker" wrote: Benjamin

[OAUTH-WG] TxAuth WG formation consensus call

Hi, We have just posted a call for consensus on the TxAuth list. People on this list might want to pop over and review it [1] and possibly respond. All discussion will take place on the TxAuth list. Thanks,     Yaron [1] https://mailarchive.ietf.org/arch/msg/txauth/G7kcSq

Re: [OAUTH-WG] JWT BCP on Compression in JWE

Hi Brian, These two attacks on TLS are only examples of the breakage that can occur when the adversary can control the plaintext to some degree (even a small piece of the plaintext, e.g. a malleable HTTP cookie can result in decryption of the whole message). Similar attacks were demonstrated

Re: [OAUTH-WG] JWT BCP on Compression in JWE

crypto controls that allow developers to do this safely? I think that's the better question right now. Aloha, -- Jim Manico @Manicode On Jul 28, 2017, at 7:57 PM, Yaron Sheffer wrote: Hi Brian, These two attacks on TLS are only examples of the breakage that can occur when the adver

Re: [OAUTH-WG] Initial JSON Web Token Best Current Practices Draft

Hi Neil, Thank you again for your review and the follow up. Please see my comments in-line. ‏Yaron Hi Mike, I sent this originally back in June last year, I can see some of these points have been addressed in -01, but not others, so I will include further comments in-line below.

Re: [OAUTH-WG] reference for invalid point attack [-jwt-bcp] ?

Will add to the draft. Thank you Jeff! -- From: =JeffH To: IETF OAuth WG Subject: [OAUTH-WG] reference for invalid point attack [-jwt-bcp] ? Message-ID: <0c2d1ad2-1239-26e0-87c1-9be2bd1e7...@kingsmountain.com> Content-Type: text/plain; charset=utf-8; format=flowed

[OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-jwt-bcp-02.txt

t-dra...@ietf.org To: Michael B. Jones , Yaron Sheffer , Dick Hardt , Michael Jones A new version of I-D, draft-ietf-oauth-jwt-bcp-02.txt has been successfully submitted by Yaron Sheffer and posted to the IETF repository. Name: draft-ietf-oauth-jwt-bcp Revision: 02 Title: JSO

Re: [OAUTH-WG] JWT BCP Acknowledgements (was Fwd: New Version Notification for draft-ietf-oauth-jwt-bcp-02.txt)

-libraries/ Perhaps he should be acknowledged similar to how Antonio is for the invalid point attack? I've also provided a little (admittedly very little) review and feedback on the draft... On Wed, May 2, 2018 at 2:36 AM, Yaron Sheffer <mailto:yaronf.i...@gmail.com>> wrote:

Re: [OAUTH-WG] IPR confirmation for draft-ietf-oauth-jwt-bcp-03

Confirmed. Yaron On 17/07/18 09:35, Hannes Tschofenig wrote: Hi Yaron, Dick, Mike, Please confirm that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed for draft-ietf-oauth-jwt-bcp-03. Ciao Hanne

[OAUTH-WG] FW: New Version Notification for draft-sheffer-oauth-rfc8725bis-01.txt

version of Internet-Draft draft-sheffer-oauth-rfc8725bis-01.txt has beensuccessfully submitted by Yaron Sheffer and posted to theIETF repository. Name: draft-sheffer-oauth-rfc8725bisRevision: 01Title:JSON Web Token Best Current PracticesDate: 2025-05-23Group:Individual SubmissionPages