On 09/07/2011 10:22 AM, Phil Hunt wrote:
You should read the threat model document. This document has more editorial on
these kinds of issues.
This seems reasonable to me, and thank you so much for departing
from what seems to be standard working group mode by dealing with
this like an adult.
On 09/07/2011 12:03 PM, Eran Hammer-Lahav wrote:
We clearly have different views on what it means to [deal] with this like an
adult.
Very possibly. What bothered me was the reflexive dismissal
of usability issues without consideration, and the nasty tone
of some of the responses. When
On 09/06/2011 11:11 AM, Jill Burrows wrote:
I repeat, it is not an OAuth problem.
If I'm reading Mike correctly (and if I'm not it won't be the
first time I've misunderstood him), he's not really asking for
OAUTH to solve this particular problem but to clarify the
documents and beef up
On 09/06/2011 12:59 PM, John Kemp wrote:
The point is that you have a point.
He does, and that's in some large part why I don't
fully understand the temperature of the responses.
I do not think it's a particularly big deal to stick
a couple of sentences in the security considerations
On 09/06/2011 04:23 PM, Peter Saint-Andre wrote:
I just looked at the most recent specifications for TLS (RFC 5246) and
secure shell (RFC 4253), which I think we'd all agree are two quite
successful security technologies. Neither of those specs says anything
about not protecting humans users
I'm unable to attend in person but I'm hoping that remote participation
will be an option - any hope of that?
Thanks,
Melinda
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
At the oauth session at IETF 80, I volunteered to review the use
cases document (draft-zeltsan-oauth-use-cases).
Overall I liked the document a lot and thought the structure (pre-
conditions, post-conditions, requirements) was excellent. I do
wonder if the post-conditions aren't somewhat overly
