Thank you for the feedback!

I would like to keep the order as it is. Section 2 is short, but explains a bit on the background why certain requirements were not contained in RFC6749 and RFC6819, but are now best practices described in Section 3.

-Daniel

On 14.05.24 at 16:15, Éric Vyncke via Datatracker wrote:
Éric Vyncke has entered the following ballot position for
draft-ietf-oauth-security-topics-27: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for the work put into this document.

Special thanks to Hannes Tschofenig for the shepherd's detailed write-up
including the WG consensus *BUT* the justification of the intended status is
rather light.

My only comment is more on the flow: for the non-expert reader, reading
sections 3+4 (threat) before will make it easier to understand the reasoning
behind section 2.

I am trusting the SEC and APP ADs for the technical correctness of the document.



_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org