I don't think so. If you are not running a server on port 80, the connection will never happen and nothing bad will be send on the wire.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of William Mills > Sent: Wednesday, October 13, 2010 5:05 PM > To: Breno; Jeff Lindsay > Cc: [email protected] > Subject: Re: [OAUTH-WG] Request sent to http: instead of https:` > > This rather implies that we're specifying running a full server on port 80 as > a > "stupid detector". We should tread carefully here. > > > +1 for language in the spec describing how to handle this case > > > > On Wed, Oct 13, 2010 at 4:12 PM, Jeff Lindsay <[email protected]> > > wrote: > > >> Hopefully you also invalidate the token (if bearer) since it was > > send over > > >> an insecure channel. > > > > > > Excuse my naivety, but perhaps that's worth putting in the spec? > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
