On Wed, Jan 15, 2020 at 08:12:52PM -0800, Benjamin Kaduk wrote: > I'm only the irresponsible AD here, but I expect that you would be welcome > (nay, encouraged!) to write up a clear explanation of why the current > (post-IESG) formulation is bad, what a better formulation should be, and > why. This would presumably also include some justification for how the > better formulation remains secure (which can be somewhat challenging when > combining data sources that have differing levels of provenance). The > strongest voice that drove the change at IESG evaluation (Ben C) is no longer > on the IESG, though IIRC the arguments resonated pretty well with me.
[looks like I'm misremembering the bit about Ben C, at least as far as shows up at https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq/history/] _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
