Are we at this stage re-opening the entire document? I thought we were responding only to specific shepherd text edits.
Phil

On 2012-04-24, at 6:24, Michael Thomas <[email protected]> wrote:

> On 04/24/2012 01:17 AM, Mark Mcgloin wrote:
>> Hi Thomas
>>
>> Your additional text is already covered in a countermeasure for section
>> 4.1.4. In addition, section 4.1.4.4 states the assumption that the auth
>> server can't protect against a user installing a malicious client
>>
>
> The more I read this draft, the more borked I think its base assumptions
> are. The client *is* one of the main threats. Full stop. A threat document
> should not be asking the adversary to play nice. Yet, 4.1.4 bullets 1 and
> 3 are doing exactly that again. If those are countermeasures, then so is
> visualizing world peace.
>
> As for bullet two, it doesn't mention revocation, and I prefer Barry's
> section generally. I can't find a section 4.1.4.4
>
> Mike
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
