Yes, with the solutions in Section 4.3 of http://tools.ietf.org/html/draft-tschofenig-oauth-security-00 the Client has to use keying material. With the solution in Section 4.1 of the same document they don't.
On Sep 10, 2012, at 12:40 PM, [email protected] wrote: > But in http-mac, and hot-sk, client needs to know the key to calculate MAC, > contradiction? _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
