On Thu, Apr 23, 2020 at 04:52:49PM +0000, Mike Jones wrote: > > I’d personally point out these non-compliant behaviors to the vendors and ask > them to fix them. Their non-compliance makes it harder for clients to > interoperate with them, hurting both. Name names, if that’s what it takes.
My understanding is that David Benjamin (author of TLS GREASE) put a lot of time into tracking down and persuading vendors of broken implementations to fix their stuff before GREASE itself could even be widely deployed without a fallback. GREASE is the result of wanting to never have to do that again :) So yes, someone should start tracking these people down, and I see a pretty decent case for writing down something about OAuth GREASE as well. -Ben _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
