Hi All Thanks for all the feedback prior to and during IETF 115 on the proposed "Cross Device Flows: Security Best Practice". I incorporated the feedback and published a new version here: https://datatracker.ietf.org/doc/draft-kasselman-cross-device-security/
Cheers Pieter -----Original Message----- From: internet-dra...@ietf.org <internet-dra...@ietf.org> Sent: Tuesday, November 15, 2022 12:21 AM To: Daniel Fett <m...@danielfett.de>; panva.ip <panva...@gmail.com>; Pieter Kasselman <pieter.kassel...@microsoft.com> Subject: New Version Notification for draft-kasselman-cross-device-security-02.txt A new version of I-D, draft-kasselman-cross-device-security-02.txt has been successfully submitted by Pieter Kasselman and posted to the IETF repository. Name: draft-kasselman-cross-device-security Revision: 02 Title: Cross-Device Flows: Security Best Current Practice Document date: 2022-11-15 Group: Individual Submission Pages: 29 URL: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-kasselman-cross-device-security-02.txt&data=05%7C01%7Cpieter.kasselman%40microsoft.com%7Cfad1d8b6c6fa4d6184af08dac69f4009%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638040684550332501%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=amixgInI01SSxvKkAxxDaoghymly%2FuvkjRev%2FhXVWPg%3D&reserved=0 Status: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-kasselman-cross-device-security%2F&data=05%7C01%7Cpieter.kasselman%40microsoft.com%7Cfad1d8b6c6fa4d6184af08dac69f4009%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638040684550332501%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Z4LMaYgjySr3zXc7fvbKAC8iKt56Pq5%2BcfGusqi6CAk%3D&reserved=0 Html: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-kasselman-cross-device-security-02.html&data=05%7C01%7Cpieter.kasselman%40microsoft.com%7Cfad1d8b6c6fa4d6184af08dac69f4009%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638040684550332501%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lYTU38nt%2Fy%2BvT0%2Fgkvs1lKAwGY%2FGEH012sxm3MxBxrw%3D&reserved=0 Htmlized: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-kasselman-cross-device-security&data=05%7C01%7Cpieter.kasselman%40microsoft.com%7Cfad1d8b6c6fa4d6184af08dac69f4009%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638040684550332501%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=R4XLp%2BwcEqy0cfuSP96c78I4YiwukiDiNgjwTiTnCh0%3D&reserved=0 Diff: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-kasselman-cross-device-security-02&data=05%7C01%7Cpieter.kasselman%40microsoft.com%7Cfad1d8b6c6fa4d6184af08dac69f4009%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638040684550332501%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=MKeL%2Fbn58XqZdX2Cpp9tCKmyOJP3cbCuRLs7k5oZHdw%3D&reserved=0 Abstract: This document describes threats against cross-device flows along with near term mitigations, protocol selection guidance and the analytical tools needed to evaluate the effectiveness of these mitigations. It serves as a security guide to system designers, architects, product managers, security specialists, fraud analysts and engineers implementing cross-device flows. The IETF Secretariat _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
