I recall the same with Torsten and Brian. At least, there was a sentiment in the room that we have to come up with a comprehensive analysis of the security model and threat to come up with a proper solution.
Trying to keep patching the protocol because you can would not be helpful.

Nat

From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of tors...@lodderstedt.net
Sent: Tuesday, April 19, 2016 5:17 PM
To: hannes.tschofe...@gmx.net; bcampb...@pingidentity.com
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Meeting Minutes

Different people, different perceptions :-)

But anyway, the discussion on the list has already started, right?

-------- Original message --------
Subject: Re: [OAUTH-WG] Meeting Minutes
From: Hannes Tschofenig <hannes.tschofe...@gmx.net>
To: Brian Campbell <bcampb...@pingidentity.com>, Torsten Lodderstedt <tors...@lodderstedt.net>
Cc: oauth@ietf.org

Hi Torsten,

On 04/19/2016 12:34 AM, Brian Campbell wrote:
>
> I felt some consensus around the topic that in the end, there must be
> normative changes to the core protocol and the respective security
> considerations.
>
> Barry gave his advice regarding updates in this context.

There was no consensus on this topic during the meeting and, in addition, we have to consult those on the mailing list as well.

Barry, in my understanding, outlined the different options we have at the meeting.

Ciao
Hannes