On Tuesday, 24 January 2017 04:40:12 UTC, Jeremy Rowley wrote: > And why wouldn't a request token fit the patent's interpretation of a "Pass > String"? The only definition I saw in the patent was something generated by > the validating entity and forwarded to the requester.
The digest of the key authorization, which I identified as the Request Token in the Baseline Requirements terminology is _not_ generated by the validating entity. They couldn't if they wanted to. Do you see why? Even if you squint very hard indeed this digest isn't "the Pass String", but it is a Request Token because it binds this demonstration of control to this request, something a "Pass String" can't do. That's absolutely key to understanding why this trick works. Such an understanding is completely absent from the patent, because the patent isn't describing what the Baseline Requirements call a Request Token but only a Random Value which it calls the "Pass String". Whether a lawyer can be paid to pretend otherwise in a Western District of Texas specialist patent court remains to be seen. But meanwhile the plain truth is discernible to us non-lawyers. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
