On 5/1/09 2:29 PM, Eran Hammer-Lahav wrote: > There is a difference between what you name the specification and the > string value you put on the wire. My point is that there is no reason > to change what is transmitted on the wire. I also made the point that > not changing the wire string but changing the document version will be > more confusing. Changing both just because it helps with communication > with*people* makes no sense. Protocols are for*machines* and those > do not need a new version number.
Considering that the changes being made to the OAuth specification MUST break backwards compatibility -- as implementations of the current unfixed specification are KNOWN to be insecure -- makes perfect _technical_ sense to rev the version number on the wire to signify this. Continuing to use the current, known insecure, specification is negligent at best and nefarious at worst. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---