I am sorry that you feel the need to resort to an ad hominem attack,
but my last call comment were not addressed in last call, and this
is the process Barry came up with dealing with them.
And it was hardly "unanimous" and you have no say in determining
consensus so stop presuming to do so.
Mike
On 04/24/2012 09:20 AM, Eran Hammer wrote:
We've been kicking this can of silliness for months now because one person
refuses to move on even in the face of otherwise unanimous consensus from the
group.
Chairs - Please take this ridiculous and never ending thread off list and
resolve it once and for all.
EH
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf
Of Phil Hunt
Sent: Tuesday, April 24, 2012 7:59 AM
To: Michael Thomas
Cc: Barry Leiba; [email protected]; [email protected]
Subject: Re: [OAUTH-WG] Shepherd review of draft-ietf-oauth-v2-
threatmodel
Are we at this stage re-opening the entire document? I thought we were
responding only to specific shepherd text edits.
Phil
On 2012-04-24, at 6:24, Michael Thomas<[email protected]> wrote:
On 04/24/2012 01:17 AM, Mark Mcgloin wrote:
Hi Thomas
Your additional text is already covered in a countermeasure for
section 4.1.4. In addition, section 4.1.4.4 states the assumption
that the auth server can't protect against a user installing a
malicious client
The more I read this draft, the more borked I think its base
assumptions are. The client *is* one of the main threats. Full stop. A
threat document should not be asking the adversary to play nice. Yet,
4.1.4 bullets 1 and
3 are doing exactly that again. If those are countermeasures, then so
is visualizing world peace.
As for bullet two, it doesn't mention revocation, and I prefer Barry's
section generally. I can't find a section 4.1.4.4
Mike
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
