> -----Original Message----- > From: Dave Nelson [mailto:[email protected]] > Sent: Tuesday, April 19, 2011 5:25 AM
> > The claim that "removing is a breaking issue" is patently wrong. > > From what I've read in this thread, I can't support that notion. If > interoperable implementations can't be crafted without *some* resolution > to this issue, it indeed seems like a "breaking issue" to me. This might be correct in general, but you are taking this out of the specific context of the requested change. The proposed change does not accomplish by itself any level of interoperability since it is merely an extension point. It cannot be used without further profiling (and I have demonstrated in a previous reply why even further profiling might not produce a secure solution given the vague normative requirements provided). IOW, in order for this proposed change to accomplish interoperability, additional specifications must be published (which also addresses some of your other concerns). EHKL _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
