Re: [OAUTH-WG] Auth Code Swap Attack

2011-08-24 Thread Eran Hammer-Lahav
I believe we have full consensus on this approach.

EHL

From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
Sent: Tuesday, August 23, 2011 11:06 PM
To: Eran Hammer-Lahav
Cc: OAuth WG (oauth@ietf.org)
Subject: Re: [OAUTH-WG] Auth Code Swap Attack

making CSRF prevention a MUST and

Re: [OAUTH-WG] Auth Code Swap Attack

2011-08-24 Thread Barry Leiba
> I believe we have full consensus on this approach.

I agree, and I will close the issue.

Barry, happy chair

Re: [OAUTH-WG] [oauth] #23: Auth Code Swap Attack (CSRF)

2011-08-24 Thread oauth issue tracker
#23: Auth Code Swap Attack (CSRF)

Changes (by barryleiba@…):

 * status: new => closed
 * resolution: => fixed

Comment:

Consensus is to make CSRF prevention a MUST and to recommend the state parameter as an implementation mechanism. Text will go into version -21.

Re: [OAUTH-WG] OMA Liaison Has Arrived!

2011-08-24 Thread Igor Faynberg
Bravo! This has been project-managed masterly.

Igor

On 8/24/2011 8:32 AM, Barry Leiba wrote:
On Mon, Aug 22, 2011 at 1:53 PM, Barry Leiba <barryle...@computer.org> wrote:
I intend to add the following to the response to this item: The working group understands that client code needs to know