Eran, > Google, Facebook, and Yahoo! already indicated they will not enforce > such a MUST. I could not get a clear answer from Twitter. > > However, no one representing this companies has bothered to express > this view on the list, and to express how they would like the > specification to handle this case. This is why I stopped advocating > for it (personally, my own product is already end-to-end TLS, and when > we open it up for developers, will not enforce it for personal > installations).
Good. The IETF is not a consortium of companies. What the WG should debate is whether the IETF should endorse lack of security. Francisco
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
