Skylar,

> Right, but just so we are clear, the only case you are
> discussing here is the MITM attack, which George, I and
> others have recently outlined.

There are several flavors of MITM attacks, and a passive attack. See http://www.ietf.org/mail-archive/web/oauth/current/msg04894.html, http://www.ietf.org/mail-archive/web/oauth/current/msg04900.html, and the last two paragraphs of page 4 of http://pomcor.com/techreports/DoubleRedirection.pdf.

Francisco

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth