On 03/04/2010 09:00 PM, Blaine Cook wrote:
One of the things that's been a primary focus of both today's WG call
and last week's call is what are the specific use cases for
signatures?
- Why are signatures needed?
- What do signatures need to protect?
Let's try to outline the use cases! Please reply here, so that we have
a good idea of what they are as we move towards the Anaheim WG.
After reviewing the rest of the replies to this I'll offer up
something I believe is missing.
The hidden assumption of the questions is (I think) that the channel
is secure, yes? In that case: Signatures will protect you against
failing to get your channel protection right - so will channel bindings btw!
Cheers Leif
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
