On 09/07/2011 10:17 AM, Igor Faynberg wrote:
+300 (if I can do that) to indicate my strong agreement. But if
somehow it is decided to add a few sentences on saying that OAuth
cannot deal with key-logging, I will insist on adding two sentences
each on OAuth being unable to deal with 1) earthquakes, 2) certain
contageous diseases, etc., [...]
Please, enough of the hyperbole. It is not clear or obvious whether this is
a protocol issue or not. It brings into question whether the protocol is
worth
deploying at all, and that is surely an issue. As far as I can tell,
there is very
little upside to deploying OAuth in the general case over, say,
Basic+TLS. In
fact, you guys have convinced me that OAuth gives inferior protection at
considerable expense for all concerned.
Mike
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
