1. Normative MUST/REQUIRED is fine in a BCP.
2. This is not the definitive list, but instead the best list of things that we have at this time. There will be more attacks, and more mitigations for those attacks.
— Justin

> On Nov 6, 2019, at 3:16 PM, Jared Jennings <[email protected]> wrote:
>
> Hi,
>
> This is my first time reviewing a document or responding to the group. So, with that introduction feel free to guide me along the way.
>
> Reading through the document, I had a few high-level questions first. I will have more detailed comments later, once I know I'm on the right track and I assume those comments I should just share with the mailing list?
>
> 1. Since the document is a "Best Practices" document, are the words "MUST" and "REQUIRED" and other definitive terms? Would instead SHOULD and RECOMMENDED be used?
>
> 2. Should other possible threats and vulnerabilities be included? Meaning, is the list the definitive known list?
>
> Thanks!
> -Jared
> Skype:jaredljennings
> Signal:+1 816.730.9540
> WhatsApp: +1 816.678.4152
>
> On Wed, Nov 6, 2019 at 2:27 AM Hannes Tschofenig <[email protected]> wrote:
> Hi all,
>
> this is a working group last call for "OAuth 2.0 Security Best Current Practice".
>
> Here is the document:
> https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13
>
> Please send your comments to the OAuth mailing list by Nov. 27, 2019.
> (We use a three week WGLC because of the IETF meeting.)
>
> Ciao
> Hannes & Rifaat
>
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
