I like it, it's definitely the best out of the list. Aaron
On Thu, Jun 15, 2023 at 7:57 AM Pieter Kasselman <pieter.kasselman= [email protected]> wrote: > Hi folks, one of the discussion points at IETF 116 for the cross-device > security BCP was finding a collective name for the exploits of the cross > device flows we were seeing. We got several suggestions since then (see > list below). > > > > We are thinking of adopting the term “Cross-Device Consent Phishing > (CDCP)” given that it describes the scope of the attacks (cross-device), > the purpose of the attacks (obtaining user consent), and the technique > (phishing, and other social engineering techniques). > > > > Does this feel like a good descriptive name to adopt? > > > > The list of names that was suggested over the last few months: > > > > 1. Cross-Device Consent Phishing > 2. Illicit Consent Grant Attack > 3. Attacker-in-the-Middle Attack > 4. Authorization Context Manipulation Attack > 5. Authorization Context Manipulation Exploit > 6. "Cross-Device Authorization Exploit" > 7. "Social Engineering Token Theft" > 8. "Authorization Flow Manipulation Exploit" > 9. Context Manipulation Authorization Exploit > 10. Zishing > 11. Azishing > 12. FlowJack > 13. AuthJack > 14. TokenJack > 15. Permitphishing, > 16. Authishing > > > > Cheers > > > > Pieter > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
