+1 =nat via iPhone
Aug 28, 2014 6:27、Brian Campbell <bcampb...@pingidentity.com> のメッセージ: > There was a previous discussion > (http://www.ietf.org/mail-archive/web/oauth/current/msg12860.html and other > messages in the thread) about lengths where the general consensus seemed to > be that the length restriction should be on both the code_verifier and the > code_challenge parameter values. And also discussed in terms of octets > rather than bytes. Those minor changes should be made as part of the WGLC > process. > > > > >> On Wed, Aug 27, 2014 at 10:40 AM, John Bradley <ve7...@ve7jtb.com> wrote: >> OK that explains it. >> >> You are basically giving the authors and reviewers a hurry up as it is >> security related. >> >> Nat and I will give it a higher priority then. >> >> Nat and I would like feedback on it quickly then. >> >> As you point out it is not a complex extension and has been deployed in a >> number of cases. >> >> As long as we are clear that the authors aren’t trying to slip something >> through. (In this case:) >> >> John B. >> >> On Aug 27, 2014, at 11:45 AM, Hannes Tschofenig <hannes.tschofe...@gmx.net> >> wrote: >> >> > Based on the reaction from a few I thought I should add a few words >> > about this working group last call. >> > >> > There is no requirement to wait a specific timeframe after a document >> > became a WG item to issue a working group last call. >> > >> > In this specific case, the document was around for a while and I didn't >> > see a reason for not-finishing it as soon as possible. >> > >> > Additionally, since the document deals with a security vulnerability >> > that is being exploited today I thought it might make sense to get the >> > attention from the group to review it. >> > >> > Finally, it is also a fairly "simple" document (if there is something as >> > simple in this working group). >> > >> > Ciao >> > Hannes >> > >> > On 08/26/2014 09:32 PM, Hannes Tschofenig wrote: >> >> Hi all, >> >> >> >> This is a Last Call for comments on the "Symmetric Proof of Possession >> >> for the OAuth Authorization Code Grant" specification. >> >> >> >> The document can be found here: >> >> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/ >> >> >> >> Please have your comments in no later than September 9th. >> >> >> >> Ciao >> >> Hannes & Derek >> >> >> >> >> >> >> >> _______________________________________________ >> >> OAuth mailing list >> >> OAuth@ietf.org >> >> https://www.ietf.org/mailman/listinfo/oauth >> >> >> > >> > _______________________________________________ >> > OAuth mailing list >> > OAuth@ietf.org >> > https://www.ietf.org/mailman/listinfo/oauth >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth