On Thu, Jun 16, 2011 at 1:25 PM, Torsten Lodderstedt < [email protected]> wrote:
> no I'm saying people will use real secrets and rely on them - just as with
> OAuth 1.0

=) People are going to ignore what the spec says on this. If you read through the mailing list threads on this topic, you'll notice several people have stated quite clearly that they are going to be baking secrets into installed applications, and that they think they have reasonable mitigations in place for the security risk. It's not that those people are dumb, either. They understand exactly what they are doing. And their native applications are not going to be any less secure because of the choices they are making.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
