Eran Hammer <e...@hueniverse.com> writes: > We've been kicking this can of silliness for months now because one > person refuses to move on even in the face of otherwise unanimous > consensus from the group. > > Chairs - Please take this ridiculous and never ending thread off list > and resolve it once and for all.
Sure, I'll gladly stop the thread when the document is updated to actually mention all threats that someone has considered and brought to the group's attention. That *is* the point of a threats document, after all. In a threats document nothing should be implicit or assumed -- the reader does not have the advantage of our group's knowledge of the space or operational guidance. As a result, everything should be explicitly stated. Every threat that is brought to the attention of this gorup should be mentioned, explicitly, even if it's only a single sentence as part of a paragraph of "threats that fall outside the aforementioned assumptions" or "threats that have a simple workaround". -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth