On 4/24/09 3:23 AM, Mike Malone wrote:
> The callback nonce would make it impossible for the attacker to forge
> the response without changing the callback (access token exchange would
> fail). And any of the three mechanisms listed above would secure the
> callback. That should be sufficient to eliminate the threat.
... "except in the case where the shared secret is freely available, such as desktop applications."

If there's going to be a revision to the spec, we should collectively take the opportunity to FIX it completely, including desktop and mobile applications, or any situation where the shared secrets are potentially revealed to an attacker. Instead of a callback nonce, we need to start the whole process with an identity nonce (the "authentication token" I keep referring to) that the Consumer must use in order to initiate the entire authorization flow.

-- 
Dossy Shiobara | [email protected] | http://dossy.org/
Panoptic Computer Network | http://panoptic.com/
  "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70)
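As an added illustration, not code from this thread or from any OAuth library, here is a toy Python model of the request-token / authorize / access-token flow with the callback nonce Mike describes: the nonce is generated when the resource owner authorizes and is delivered only to the callback that was bound when the request token was issued, so a party who started the flow and knows the request token, but never sees the callback, cannot complete the access-token exchange. The consumer key and secret, the hostnames, the user name and the simplified HMAC-SHA1 signing scheme are all constructed for the demo. The model covers only what an attacker cannot do without the nonce; it says nothing about whether the callback itself can be secured when the shared secret is exposed, which is the point Dossy is contesting.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlparse

# Constructed demo identities; none of these values come from the thread.
CONSUMER_KEY = "photoapp"
CONSUMER_SECRET = "consumer-secret-k9"
CALLBACK = "https://photoapp.example/oauth/callback"
REQUEST_TOKEN_URL = "https://provider.example/oauth/request_token"
ACCESS_TOKEN_URL = "https://provider.example/oauth/access_token"


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over a canonical string, in the spirit of OAuth 1.0 signing
    (simplified: sorted params, key = consumer_secret&token_secret)."""
    base = "&".join([method.upper(), quote(url, safe=""),
                     quote(urlencode(sorted(params.items())), safe="")])
    key = f"{quote(consumer_secret, safe='')}&{quote(token_secret, safe='')}"
    return hmac.new(key.encode(), base.encode(), hashlib.sha1).hexdigest()


class Provider:
    """Service Provider: binds the callback when the request token is issued and
    sends a fresh per-authorization nonce (verifier) only to that callback."""

    def __init__(self, consumers):
        self.consumers = dict(consumers)   # consumer_key -> consumer_secret
        self.request_tokens = {}           # request token -> state
        self.access_tokens = {}            # access token -> user

    def _verify(self, consumer_key, url, params, signature, token_secret=""):
        secret = self.consumers.get(consumer_key)
        if secret is None:
            raise PermissionError("unknown consumer")
        if not hmac.compare_digest(sign("POST", url, params, secret, token_secret), signature):
            raise PermissionError("bad signature")

    def request_token(self, consumer_key, callback, signature):
        params = {"oauth_consumer_key": consumer_key, "oauth_callback": callback}
        self._verify(consumer_key, REQUEST_TOKEN_URL, params, signature)
        token, token_secret = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[token] = {"consumer": consumer_key, "secret": token_secret,
                                      "callback": callback, "verifier": None, "user": None}
        return token, token_secret

    def authorize(self, token, user):
        # Resource owner approves; the verifier rides the redirect to the bound
        # callback, so whoever merely started the flow never sees it.
        state = self.request_tokens[token]
        state["verifier"], state["user"] = secrets.token_hex(8), user
        return state["callback"] + "?" + urlencode(
            {"oauth_token": token, "oauth_verifier": state["verifier"]})

    def access_token(self, consumer_key, token, verifier, signature):
        state = self.request_tokens.get(token)
        if state is None or state["consumer"] != consumer_key:
            raise PermissionError("unknown or foreign request token")
        params = {"oauth_consumer_key": consumer_key, "oauth_token": token,
                  "oauth_verifier": verifier}
        self._verify(consumer_key, ACCESS_TOKEN_URL, params, signature, state["secret"])
        if state["verifier"] is None or not hmac.compare_digest(state["verifier"], verifier):
            raise PermissionError("verifier mismatch")
        del self.request_tokens[token]     # one-shot: the exchange cannot be replayed
        access = secrets.token_hex(8)
        self.access_tokens[access] = state["user"]
        return access


def session_fixation_scenario():
    """Attacker starts the flow and gets the victim to authorize the request
    token, then tries to finish the exchange without ever seeing the callback.
    Returns (attacker_blocked, consumer_ok, replay_blocked)."""
    provider = Provider({CONSUMER_KEY: CONSUMER_SECRET})
    params = {"oauth_consumer_key": CONSUMER_KEY, "oauth_callback": CALLBACK}
    token, token_secret = provider.request_token(
        CONSUMER_KEY, CALLBACK, sign("POST", REQUEST_TOKEN_URL, params, CONSUMER_SECRET))
    # Attacker hands the victim the authorization link; the victim approves.
    redirect = provider.authorize(token, "victim")

    def exchange(verifier):
        p = {"oauth_consumer_key": CONSUMER_KEY, "oauth_token": token, "oauth_verifier": verifier}
        sig = sign("POST", ACCESS_TOKEN_URL, p, CONSUMER_SECRET, token_secret)
        return provider.access_token(CONSUMER_KEY, token, verifier, sig)

    def completes(verifier):
        try:
            return provider.access_tokens[exchange(verifier)] == "victim"
        except PermissionError:
            return False

    # Attacker holds the token, the token secret and (desktop case) even the
    # consumer secret, but must guess the verifier that went to the callback.
    attacker_blocked = not completes("0000000000000000")
    # The real consumer reads the verifier off its own callback URL.
    verifier = parse_qs(urlparse(redirect).query)["oauth_verifier"][0]
    consumer_ok = completes(verifier)
    # The request token is consumed by the exchange, so a replay is refused.
    replay_blocked = not completes(verifier)
    return attacker_blocked, consumer_ok, replay_blocked


if __name__ == "__main__":
    print(session_fixation_scenario())   # (True, True, True)
```

Run it directly and it prints the three booleans. The design choice worth noticing is that the provider never returns the verifier to the caller of the request-token endpoint; it exists only in the redirect to the bound callback, which is exactly why binding and securing the callback is the load-bearing assumption in Mike's argument.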
