https://tools.ietf.org/html/draft-ietf-oauth-device-flow-09

Sections 5.2 and 5.3 contain the confused deputy attack updates described in John’s response during London.

-- Mike

From: Eric Rescorla <e...@rtfm.com>
Sent: Friday, April 13, 2018 7:37 PM
To: Mike Jones <michael.jo...@microsoft.com>
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Follow up on draft-ietf-oauth-device-flow-08

Thanks for the quick followup. I will take a look at the next version

-Ekr

On Fri, Apr 13, 2018 at 6:06 PM, Mike Jones <michael.jo...@microsoft.com> wrote:

We still need to add the text addressing the points described in John Bradley’s reply to you sent while in London.

-- Mike

From: OAuth <oauth-boun...@ietf.org> On Behalf Of Eric Rescorla
Sent: Friday, April 13, 2018 6:00 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] Follow up on draft-ietf-oauth-device-flow-08

Hi folks,

I just looked at the -08 diffs and I see a new section on brute forcing the token but not describing the confused deputy attack. Did I miss something, or were you still planning to add more text?

Thanks
-Ekr
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth