Dick,

> Maybe you should stop using Twitter as anyone that can MITM your
> session can tweet as you since Twitter does not enforce HTTPS on
> twitter.com

Thanks for pointing that out.  I haven't looked at the security
posture of Twitter, I just mentioned Twitter because Eran did.  The
point I was trying to make is that unauthorized write access to
protected resources (e.g. sending tweets or updates) can do as much
damage as unauthorized read access.

Francisco

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
