Eran Hammer-Lahav wrote:

I understood his request and disagree that any action needs to be taken.
It is unreasonable to expect every protocol to discuss the security
considerations of a user installing malware.

If you could find an equivalent attack on, oh say, DKIM, I'd say yes you
should discuss it. OAuth is a user-facing protocol. That means that users
will be using it. It absolutely guarantees you that hackers will hack it.
In the case of embedded webviews, oauth makes the malware situation worse
from what I can tell.

Mike

EHL
From: Melinda Shore <[email protected]>
Date: Tue, 6 Sep 2011 12:18:18 -0700
To: "[email protected]" <[email protected]>
Subject: Re: [OAUTH-WG] problem statement

On 09/06/2011 11:11 AM, Jill Burrows wrote:

I repeat, it is not an OAuth problem.

If I'm reading Mike correctly (and if I'm not it won't be the
first time I've misunderstood him), he's not really asking for
OAUTH to solve this particular problem but to clarify the
documents and beef up discussions of what is and is not in
scope. He read the document and couldn't figure out whether
or not this particular problem is the business of the working
group.

Melinda
_______________________________________________
OAuth mailing list
[email protected] <mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/oauth