Hi all,

The latest version of the security BCP references draft-ietf-oauth-iss-auth-resp-00 as a countermeasure to mix-up attacks.
There have not been any concerns with the first WG draft version so far: https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/
I would like to ask the WG if there are any comments on or concerns with the current draft version.
Otherwise I hope we can move forward with the next steps and hopefully finish the draft before/with the security BCP.
Best regards,
Karsten

--
Karsten Meyer zu Selhausen
Senior IT Security Consultant
Phone: +49 (0)234 / 54456499
Web: https://hackmanit.de | IT Security Consulting, Penetration Testing, Security Training

Is your OAuth or OpenID Connect client vulnerable to the severe impacts of mix-up attacks? Learn how to protect your client in our latest blog post on single sign-on: https://www.hackmanit.de/en/blog-en/132-how-to-protect-your-oauth-client-against-mix-up-attacks

Hackmanit GmbH
Universitätsstraße 60 (Exzenterhaus)
44789 Bochum

Register court: Amtsgericht Bochum, HRB 14896
Managing directors: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. Christian Mainka, Dr. Marcus Niemietz
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth