> -----Original Message----- > From: Brian Eaton [mailto:[email protected]] > Sent: Thursday, May 27, 2010 6:21 PM
> OAuth 1.0 was unusual in that it required that the server match a hash of the > URL, rather than the real URL. It's an extra layer of indirection and > complexity. It doesn't improve security. The current draft signs the real URL. EHL _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
