We've been kicking this can of silliness for months now because one person refuses to move on even in the face of otherwise unanimous consensus from the group.
Chairs - Please take this ridiculous and never-ending thread off list and resolve it once and for all.

EH

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Phil Hunt
> Sent: Tuesday, April 24, 2012 7:59 AM
> To: Michael Thomas
> Cc: Barry Leiba; [email protected]; [email protected]
> Subject: Re: [OAUTH-WG] Shepherd review of draft-ietf-oauth-v2-threatmodel
>
> Are we at this stage re-opening the entire document? I thought we were
> responding only to specific shepherd text edits.
>
> Phil
>
> On 2012-04-24, at 6:24, Michael Thomas <[email protected]> wrote:
>
> > On 04/24/2012 01:17 AM, Mark Mcgloin wrote:
> >> Hi Thomas
> >>
> >> Your additional text is already covered in a countermeasure for
> >> section 4.1.4. In addition, section 4.1.4.4 states the assumption
> >> that the auth server can't protect against a user installing a
> >> malicious client
> >>
> >
> > The more I read this draft, the more borked I think its base
> > assumptions are. The client *is* one of the main threats. Full stop. A
> > threat document should not be asking the adversary to play nice. Yet,
> > 4.1.4 bullets 1 and 3 are doing exactly that again. If those are
> > countermeasures, then so is visualizing world peace.
> >
> > As for bullet two, it doesn't mention revocation, and I prefer Barry's
> > section generally. I can't find a section 4.1.4.4
> >
> > Mike
> > _______________________________________________
> > OAuth mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/oauth
