Hi Sam, if you want to document it then we may need to provide a bit more text. I could imagine that we find that text in some of the OAuth documents.
Ciao Hannes > -----Original Message----- > From: ext Sam Hartman [mailto:[email protected]] > Sent: Monday, December 19, 2011 5:09 PM > To: Tschofenig, Hannes (NSN - FI/Espoo) > Cc: [email protected] > Subject: Re: [abfab] Issue #6 - bad flow of text for authentication > requriements > > >>>>> ""Tschofenig," == "Tschofenig, Hannes (NSN <- FI/Espoo)" > <[email protected]>> writes: > > "Tschofenig,> The sentence you are referring to, namely "Aside from > "Tschofenig,> a valuable secret being exposed, a synchronization > "Tschofenig,> problem can also often develop." should be deleted. I > "Tschofenig,> understand that there may be a synchronization > problem > "Tschofenig,> when you cache your distribute your long term secret > "Tschofenig,> everywhere but that's only secondary (and less > "Tschofenig,> important). > > I disagree that this synchronization issue is secondary in terms of > deployment concerns. I actually think that the synchronization issue > drives up support costs and creates a real business case for ABFAB far > more than the security issues. > So, I'd rather continue to document this issue. > > --Sam _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
