draft-ietf-oauth-pop-architecture-00.txt   draft-ietf-oauth-pop-architecture-01.txt 
OAuth P. Hunt, Ed. OAuth P. Hunt, Ed.
Internet-Draft Oracle Corporation Internet-Draft Oracle Corporation
Intended status: Informational J. Richer Intended status: Informational J. Richer
Expires: January 22, 2015 The MITRE Corporation Expires: September 4, 2015
W. Mills W. Mills
P. Mishra P. Mishra
Oracle Corporation Oracle Corporation
H. Tschofenig H. Tschofenig
ARM Limited ARM Limited
July 21, 2014 March 3, 2015
OAuth 2.0 Proof-of-Possession (PoP) Security Architecture OAuth 2.0 Proof-of-Possession (PoP) Security Architecture
draft-ietf-oauth-pop-architecture-00.txt draft-ietf-oauth-pop-architecture-01.txt
Abstract Abstract
The OAuth 2.0 bearer token specification, as defined in RFC 6750, The OAuth 2.0 bearer token specification, as defined in RFC 6750,
allows any party in possession of a bearer token (a "bearer") to get allows any party in possession of a bearer token (a "bearer") to get
access to the associated resources (without demonstrating possession access to the associated resources (without demonstrating possession
of a cryptographic key). To prevent misuse, bearer tokens must to be of a cryptographic key). To prevent misuse, bearer tokens must to be
protected from disclosure in transit and at rest. protected from disclosure in transit and at rest.
Some scenarios demand additional security protection whereby a client Some scenarios demand additional security protection whereby a client
skipping to change at page 1, line 46 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 22, 2015. This Internet-Draft will expire on September 4, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 37 skipping to change at page 2, line 37
3.3. Access to a Non-TLS Protected Resource . . . . . . . . . 4 3.3. Access to a Non-TLS Protected Resource . . . . . . . . . 4
3.4. Offering Application Layer End-to-End Security . . . . . 5 3.4. Offering Application Layer End-to-End Security . . . . . 5
4. Security and Privacy Threats . . . . . . . . . . . . . . . . 5 4. Security and Privacy Threats . . . . . . . . . . . . . . . . 5
5. Threat Mitigation . . . . . . . . . . . . . . . . . . . . . . 6 5. Threat Mitigation . . . . . . . . . . . . . . . . . . . . . . 6
5.1. Confidentiality Protection . . . . . . . . . . . . . . . 7 5.1. Confidentiality Protection . . . . . . . . . . . . . . . 7
5.2. Sender Constraint . . . . . . . . . . . . . . . . . . . . 7 5.2. Sender Constraint . . . . . . . . . . . . . . . . . . . . 7
5.3. Key Confirmation . . . . . . . . . . . . . . . . . . . . 8 5.3. Key Confirmation . . . . . . . . . . . . . . . . . . . . 8
5.4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . 9 5.4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . 9
6. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 10 6. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 10
7. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 15 7. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 15
8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 8. Security Considerations . . . . . . . . . . . . . . . . . . . 19
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 19 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 19
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 19
11.1. Normative References . . . . . . . . . . . . . . . . . . 19 11.1. Normative References . . . . . . . . . . . . . . . . . . 19
11.2. Informative References . . . . . . . . . . . . . . . . . 21 11.2. Informative References . . . . . . . . . . . . . . . . . 21
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
At the time of writing the OAuth 2.0 protocol family ([RFC6749], At the time of writing the OAuth 2.0 protocol family ([RFC6749],
skipping to change at page 5, line 21 skipping to change at page 5, line 21
should work in such a scenario. Furthermore, it may not be necessary should work in such a scenario. Furthermore, it may not be necessary
to provide authentication of the resource server towards the client. to provide authentication of the resource server towards the client.
3.4. Offering Application Layer End-to-End Security 3.4. Offering Application Layer End-to-End Security
In Web deployments resource servers are often placed behind load In Web deployments resource servers are often placed behind load
balancers, which are deployed by the same organization that operates balancers, which are deployed by the same organization that operates
the resource servers. These load balancers may terminate the TLS the resource servers. These load balancers may terminate the TLS
connection setup and HTTP traffic is transmitted in the clear from connection setup and HTTP traffic is transmitted in the clear from
the load balancer to the resource server. With application layer the load balancer to the resource server. With application layer
security independent of the underlying TLS security it is possible to security in addition to the underlying TLS security it is possible to
allow application servers to perform cryptographic verification on an allow application servers to perform cryptographic verification on an
end-to-end basis. end-to-end basis.
The key aspect in this use case is therefore to offer end-to-end The key aspect in this use case is therefore to offer end-to-end
security in the presence of load balancers via application layer security in the presence of load balancers via application layer
security. security. Enterprise networks also deploy proxies that inspect
traffic and thereby break TLS.
4. Security and Privacy Threats 4. Security and Privacy Threats
The following list presents several common threats against protocols The following list presents several common threats against protocols
utilizing some form of tokens. This list of threats is based on NIST utilizing some form of tokens. This list of threats is based on NIST
Special Publication 800-63 [NIST800-63]. We exclude a discussion of Special Publication 800-63 [NIST800-63]. We exclude a discussion of
threats related to any form of identity proofing and authentication threats related to any form of identity proofing and authentication
of the resource owner to the authorization server since these of the resource owner to the authorization server since these
procedures are not part of the OAuth 2.0 protocol specification procedures are not part of the OAuth 2.0 protocol specification
itself. itself.
skipping to change at page 10, line 27 skipping to change at page 10, line 27
the possession of the secret to the resource server when accessing the possession of the secret to the resource server when accessing
the resource. The resource server, when receiving an access token, the resource. The resource server, when receiving an access token,
needs to verify that the key used by the client matches the one needs to verify that the key used by the client matches the one
included in the access token. included in the access token.
There are slight differences between the use of symmetric keys and There are slight differences between the use of symmetric keys and
asymmetric keys when they are bound to the access token and the asymmetric keys when they are bound to the access token and the
subsequent interaction between the client and the authorization subsequent interaction between the client and the authorization
server when demonstrating possession of these keys. Figure 1 shows server when demonstrating possession of these keys. Figure 1 shows
the symmetric key procedure and Figure 2 illustrates how asymmetric the symmetric key procedure and Figure 2 illustrates how asymmetric
keys are used. keys are used. While symmetric cryptography provides better
performance properties the use of asymmetric cryptography allows the
client to keep the private key locally and never expose it to any
other party.
With the JSON Web Token (JWT) a standardized format for access tokens With the JSON Web Token (JWT) [I-D.ietf-oauth-json-web-token] a
is available. The necessary elements to bind symmetric or asymmetric standardized format for access tokens is available. The necessary
keys to the JWT are described in elements to bind symmetric or asymmetric keys to a JWT are described
[I-D.jones-oauth-proof-of-possession]. in [I-D.ietf-oauth-proof-of-possession].
Note: The negotiation of cryptographic algorithms between the client
and the authorization server is not shown in the examples below and
assumed to be present in a protocol solution to meet the requirements
for crypto-agility.
+---------------+ +---------------+
^| | ^| |
// | Authorization | // | Authorization |
/ | Server | / | Server |
// | | // | |
/ | | / | |
(I) // /+---------------+ (I) // /+---------------+
Access / // Access / //
Token / / Token / /
skipping to change at page 12, line 7 skipping to change at page 12, line 7
key transport mechanism from the authorization server to the client key transport mechanism from the authorization server to the client
has been explained in the previous paragraph there are three ways for has been explained in the previous paragraph there are three ways for
communicating this session key from the authorization server to the communicating this session key from the authorization server to the
resource server, namely resource server, namely
Embedding the symmetric key inside the access token itself. This Embedding the symmetric key inside the access token itself. This
requires that the symmetric key is confidentiality protected. requires that the symmetric key is confidentiality protected.
The resource server queries the authorization server for the The resource server queries the authorization server for the
symmetric key. This is an approach envisioned by the token symmetric key. This is an approach envisioned by the token
introspection endpoint [I-D.richer-oauth-introspection]. introspection endpoint [I-D.ietf-oauth-introspection].
The authorization server and the resource server both have access The authorization server and the resource server both have access
to the same back-end database. Smaller, tightly coupled systems to the same back-end database. Smaller, tightly coupled systems
might prefer such a deployment strategy. might prefer such a deployment strategy.
+---------------+ +---------------+
^| | ^| |
Access Token Req. // | Authorization | Access Token Req. // | Authorization |
+Parameters / | Server | +Parameters / | Server |
+[Fingerprint] // | | +[Fingerprint] // | |
skipping to change at page 12, line 48 skipping to change at page 12, line 48
the server could be involved in the generation of the ephemeral key the server could be involved in the generation of the ephemeral key
pair. This exchange is shown in Figure 1. If the client generates pair. This exchange is shown in Figure 1. If the client generates
the key pair it either includes a fingerprint of the public key or the key pair it either includes a fingerprint of the public key or
the public key in the request to the authorization server. The the public key in the request to the authorization server. The
authorization server would include this fingerprint or public key in authorization server would include this fingerprint or public key in
the confirmation claim inside the access token and thereby bind the the confirmation claim inside the access token and thereby bind the
asymmetric key pair to the token. If the client did not provide a asymmetric key pair to the token. If the client did not provide a
fingerprint or a public key in the request then the authorization fingerprint or a public key in the request then the authorization
server is asked to create an ephemeral asymmetric key pair, binds the server is asked to create an ephemeral asymmetric key pair, binds the
fingerprint of the public key to the access token, and returns the fingerprint of the public key to the access token, and returns the
asymmetric key pair (public and private key) to the client. asymmetric key pair (public and private key) to the client. Note
that there is a strong preference for generating the private/public
key pair locally at the client rather than at the server.
The specification describing the interaction between the client and The specification describing the interaction between the client and
the authorization server, as shown in Figure 1 and in Figure 2, can the authorization server, as shown in Figure 1 and in Figure 2, can
be found in [I-D.bradley-oauth-pop-key-distribution]. be found in [I-D.ietf-oauth-pop-key-distribution].
Once the client has obtained the necessary access token and keying Once the client has obtained the necessary access token and keying
material it can start to interact with the resource server. To material it can start to interact with the resource server. To
demonstrate possession of the key bound to the access token it needs demonstrate possession of the key bound to the access token it needs
to apply this key to the request by computing a keyed message digest to apply this key to the request by computing a keyed message digest
(i.e., a symmetric key-based cryptographic primitive) or a digital (i.e., a symmetric key-based cryptographic primitive) or a digital
signature (i.e., an asymmetric cryptographic primitive). When the signature (i.e., an asymmetric cryptographic computation). When the
resource server receives the request it verifies it and decides resource server receives the request it verifies it and decides
whether access to the protected resource can be granted. This whether access to the protected resource can be granted. This
exchange is shown in Figure 3. exchange is shown in Figure 3.
+---------------+ +---------------+
| | | |
| Authorization | | Authorization |
| Server | | Server |
| | | |
| | | |
+---------------+ +---------------+
Request Request
+-----------+ + Signature/MAC (a) +------------+ +-----------+ + Signature/MAC (a) +------------+
| |---------------------->| | | |---------------------->| |
| | [+Access Token] | Resource | | | [+Access Token] | Resource |
| Client | | Server | | Client | | Server |
| | Response (b) | | | | Response (b) | |
| |<----------------------| | | |<----------------------| |
+-----------+ +------------+ +-----------+ [+ Signature/MAC] +------------+
^ ^ ^ ^
| | | |
| | | |
Symmetric Key Symmetric Key Symmetric Key Symmetric Key
or or or or
Asymmetric Key Pair Public Key (Client) Asymmetric Key Pair Public Key (Client)
+ + + +
Parameters Parameters Parameters Parameters
Figure 3: Client demonstrates PoP. Figure 3: Client demonstrates PoP.
The specification describing the ability to sign the HTTP request The specification describing the ability to sign the HTTP request
from the client to the resource server can be found in from the client to the resource server can be found in
[I-D.richer-oauth-signed-http-request]. [I-D.ietf-oauth-signed-http-request].
So far the examples talked about access tokens that are passed by So far the examples talked about access tokens that are passed by
value and allow the resource server to make authorization decisions value and allow the resource server to make authorization decisions
immediately after verifying the request from the client. In some immediately after verifying the request from the client. In some
deployments a real-time interaction between the authorization server deployments a real-time interaction between the authorization server
and the resource server is envisioned that lowers the need to pass and the resource server is envisioned that lowers the need to pass
self-contained access tokens around. In that case the access token self-contained access tokens around. In that case the access token
merely serves as a handle or a reference to state stored at the merely serves as a handle or a reference to state stored at the
authorization server. As a consequence, the resource server cannot authorization server. As a consequence, the resource server cannot
autonomously make an authorization decision when receiving a request autonomously make an authorization decision when receiving a request
from a client but has to consult the authorization server. This can, from a client but has to consult the authorization server. This can,
for example, be done using the token introspection endpoint (see for example, be done using the token introspection endpoint (see
[I-D.richer-oauth-introspection]). Figure 4 shows the protocol [I-D.ietf-oauth-introspection]). Figure 4 shows the protocol
interaction graphically. Despite the additional token exchange interaction graphically. Despite the additional token exchange
previous descriptions about associating symmetric and asymmetric keys previous descriptions about associating symmetric and asymmetric keys
to the access token are still applicable to this scenario. to the access token are still applicable to this scenario.
+---------------+ +---------------+
Access ^| | Access ^| |
Token Req. // | Authorization |\ Token Req. // | Authorization |^
(I) / | Server | \ (IV) Token (I) / | Server | \ (IV) Token
// | | \ Introspection // | | \ Introspection Req.
/ | | \ +Access / | | \ +Access
// /+---------------+ \ Token // /+---------------+ \ Token
/ // (II) \ \\ / // (II) \ \\
/ / Access \ \ / / Access \ \
// // Token \ (V) \ // // Token \ (V) \
/ / \Resp.\ / / \Resp.\
// // \ \ // // \ \
/ v \ \ / v V \
+-----------+ Request +Signature/MAC+------------+ +-----------+ Request +Signature/MAC+------------+
| | (III) +Access Token | | | | (III) +Access Token | |
| |---------------------->| Resource | | |---------------------->| Resource |
| Client | (VI) Success or | Server | | Client | (VI) Success or | Server |
| | Failure | | | | Failure | |
| |<----------------------| | | |<----------------------| |
+-----------+ +------------+ +-----------+ +------------+
Figure 4: Token Introspection and Access Token Handles. Figure 4: Token Introspection and Access Token Handles.
skipping to change at page 18, line 13 skipping to change at page 18, line 13
pseudonymous identity of the resource owner, since the pseudonymous identity of the resource owner, since the
authorization server is the only entity involved in verifying the authorization server is the only entity involved in verifying the
resource owner's identity. resource owner's identity.
Collusion: Collusion:
Resource servers that collude can be prevented from using Resource servers that collude can be prevented from using
information related to the resource owner to track the individual. information related to the resource owner to track the individual.
That is, two different resource servers can be prevented from That is, two different resource servers can be prevented from
determining that the same resource owner has authenticated to both determining that the same resource owner has authenticated to both
of them. This requires that each authorization server obtains of them. Authorization servers MUST bind different keying
different keying material as well as different access tokens with material to access tokens used for resource servers from different
content that does not allow identification of the resource owner. origins (or similar concepts in the app world).
AS-to-RS Relationship Anonymity: AS-to-RS Relationship Anonymity:
This MAC Token security does not provide AS-to-RS relationship For solutions using asymmetric key cryptography the client MAY
anonymity since the client has to inform the resource server about conceal information about the resource server it wants to interact
the resource server it wants to talk to. The authorization server with. The authorization server MAY reject such an attempt since
needs to know how to encrypt the session key the client and the it may not be able to enforce access control decisions.
resource server will be using.
As an additional requirement a solution MUST enable support for Channel Binding:
channel bindings. The concept of channel binding, as defined in
[RFC5056], allows applications to establish that the two end-points A solution MUST enable support for channel bindings. The concept
of a secure channel at one network layer are the same as at a higher of channel binding, as defined in [RFC5056], allows applications
layer by binding authentication at the higher layer to the channel at to establish that the two end-points of a secure channel at one
the lower layer. network layer are the same as at a higher layer by binding
authentication at the higher layer to the channel at the lower
layer.
There are performance concerns with the use of asymmetric There are performance concerns with the use of asymmetric
cryptography. Although symmetric key cryptography offers better cryptography. Although symmetric key cryptography offers better
performance asymmetric cryptography offers additional security performance asymmetric cryptography offers additional security
properties. A solution MUST therefore offer the capability to properties. A solution MUST therefore offer the capability to
support both symmetric as well as asymmetric keys. support both symmetric as well as asymmetric keys.
There are threats that relate to the experience of the software There are threats that relate to the experience of the software
developer as well as operational practices. Verifying the servers developer as well as operational practices. Verifying the servers
identity in TLS is discussed at length in [RFC6125]. identity in TLS is discussed at length in [RFC6125].
skipping to change at page 19, line 24 skipping to change at page 19, line 30
chairs, Hannes Tschofenig, and Derek Atkins) provided their input chairs, Hannes Tschofenig, and Derek Atkins) provided their input
during these calls: Bill Mills, Justin Richer, Phil Hunt, Prateek during these calls: Bill Mills, Justin Richer, Phil Hunt, Prateek
Mishra, Mike Jones, George Fletcher, Leif Johansson, Lucy Lynch, John Mishra, Mike Jones, George Fletcher, Leif Johansson, Lucy Lynch, John
Bradley, Tony Nadalin, Klaas Wierenga, Thomas Hardjono, Brian Bradley, Tony Nadalin, Klaas Wierenga, Thomas Hardjono, Brian
Campbell Campbell
In the appendix of this document we re-use content from [RFC4962] and In the appendix of this document we re-use content from [RFC4962] and
the authors would like thank Russ Housely and Bernard Aboba for their the authors would like thank Russ Housely and Bernard Aboba for their
work on RFC 4962. work on RFC 4962.
We would like to thank Reddy Tirumaleswar for his review.
11. References 11. References
11.1. Normative References 11.1. Normative References
[I-D.bradley-oauth-pop-key-distribution]
Bradley, J., Hunt, P., Jones, M., and H. Tschofenig,
"OAuth 2.0 Proof-of-Possession: Authorization Server to
Client Key Distribution", draft-bradley-oauth-pop-key-
distribution-01 (work in progress), June 2014.
[I-D.ietf-httpbis-p1-messaging] [I-D.ietf-httpbis-p1-messaging]
Fielding, R. and J. Reschke, "Hypertext Transfer Protocol Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Message Syntax and Routing", draft-ietf- (HTTP/1.1): Message Syntax and Routing", draft-ietf-
httpbis-p1-messaging-26 (work in progress), February 2014. httpbis-p1-messaging-26 (work in progress), February 2014.
[I-D.ietf-jose-json-web-encryption] [I-D.ietf-jose-json-web-encryption]
Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
draft-ietf-jose-json-web-encryption-31 (work in progress), draft-ietf-jose-json-web-encryption-40 (work in progress),
July 2014. January 2015.
[I-D.ietf-oauth-introspection]
ietf@justin.richer.org, i., "OAuth 2.0 Token
Introspection", draft-ietf-oauth-introspection-05 (work in
progress), February 2015.
[I-D.ietf-oauth-json-web-token] [I-D.ietf-oauth-json-web-token]
Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
(JWT)", draft-ietf-oauth-json-web-token-25 (work in (JWT)", draft-ietf-oauth-json-web-token-32 (work in
progress), July 2014. progress), December 2014.
[I-D.jones-oauth-proof-of-possession] [I-D.ietf-oauth-pop-key-distribution]
Bradley, J., Hunt, P., Jones, M., and H. Tschofenig,
"OAuth 2.0 Proof-of-Possession: Authorization Server to
Client Key Distribution", draft-ietf-oauth-pop-key-
distribution-00 (work in progress), July 2014.
[I-D.ietf-oauth-proof-of-possession]
Jones, M., Bradley, J., and H. Tschofenig, "Proof-Of- Jones, M., Bradley, J., and H. Tschofenig, "Proof-Of-
Possession Semantics for JSON Web Tokens (JWTs)", draft- Possession Semantics for JSON Web Tokens (JWTs)", draft-
jones-oauth-proof-of-possession-02 (work in progress), ietf-oauth-proof-of-possession-01 (work in progress),
July 2014. January 2015.
[I-D.richer-oauth-introspection]
Richer, J., "OAuth Token Introspection", draft-richer-
oauth-introspection-06 (work in progress), July 2014.
[I-D.richer-oauth-signed-http-request] [I-D.ietf-oauth-signed-http-request]
Richer, J., Bradley, J., and H. Tschofenig, "A Method for Richer, J., Bradley, J., and H. Tschofenig, "A Method for
Signing an HTTP Requests for OAuth", draft-richer-oauth- Signing an HTTP Requests for OAuth", draft-ietf-oauth-
signed-http-request-01 (work in progress), April 2014. signed-http-request-00 (work in progress), July 2014.
[I-D.tschofenig-oauth-audience]
Tschofenig, H., "OAuth 2.0: Audience Information", draft-
tschofenig-oauth-audience-00 (work in progress), February
2013.
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996. Bodies", RFC 2045, November 1996.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, February Hashing for Message Authentication", RFC 2104, February
1997. 1997.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
skipping to change at page 22, line 35 skipping to change at page 22, line 39
January 2013. January 2013.
Authors' Addresses Authors' Addresses
Phil Hunt (editor) Phil Hunt (editor)
Oracle Corporation Oracle Corporation
Email: phil.hunt@yahoo.com Email: phil.hunt@yahoo.com
Justin Richer Justin Richer
The MITRE Corporation
Email: jricher@mitre.org Email: ietf@justin.richer.org
William Mills William Mills
Email: wmills@yahoo-inc.com Email: wmills@yahoo-inc.com
Prateek Mishra Prateek Mishra
Oracle Corporation Oracle Corporation
Email: prateek.mishra@oracle.com Email: prateek.mishra@oracle.com
Hannes Tschofenig Hannes Tschofenig
ARM Limited ARM Limited
Hall in Tirol 6060
Austria Austria
Email: Hannes.Tschofenig@gmx.net Email: Hannes.Tschofenig@gmx.net
URI: http://www.tschofenig.priv.at URI: http://www.tschofenig.priv.at
 End of changes. 34 change blocks. 
64 lines changed or deleted 74 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/