On Jun 1, 2011, at 7:58 AM, Eran Hammer-Lahav wrote: > I don't think you have made the case why you age is any harder to implement > than a timestamp. It is not that your email isn't clear, it's that we're not > convinced that timestamp will produce any better result than age in practice. > This is purely technical, not political.
That's no longer my point. I've now realized it doesn't work for all of my uses for MAC token (assuming we validate age, either by the implementation Adam suggested or by the one I had assumed where age is judged "old" by comparing to a device system time). Let me know if my latest response to Adam doesn't it make it clear why this does not work for either client credentials or a token issued to multiple instances of a client. If not, I'll continue attempting to explain myself. I also would like to see the specification not to be configurable. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
