On Oct 7, 2014, at 1:14 PM, John Bradley <[email protected]> wrote: > Encrypting and then signing is likely only a special case used by some > applications that are configured to understand what is going on.
This isn't really responsive to what I said. As I said, I'm just asking you to be consistent, not to change the requirements. I don't think that text in the security considerations section addresses the inconsistency I'm talking about in a different section. That said, please don't continue to talk to me about this. If you think there's an action to take, take it. If not, no need to continue trying to explain. I'm okay with it either way. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
