Comments inline:
On Thu, Feb 9, 2012 at 7:51 AM, Manger, James H
james.h.man...@team.telstra.com wrote:
Eran, a couple of comments on the new MAC spec:
The example (§1.1) does not seem to be correct. That is, I calculate
mac=6T3zZzy2Emppni6bzL7kdRxUWL4= instead of the given value.
I get
In core -23, the last paragraph of section 3.1
(http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-3.1) now says:
The authorization server MUST ignore unrecognized request
parameters.
In -22, this said:
The authorization server SHOULD ignore unrecognized
And same change requested in 3.2, 4.1.2, and 4.2.2, which also require ignoring
unrecognized parameters.
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Mike
Jones
Sent: Thursday, February 16, 2012 10:16 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Ignoring unrecognized
No, this is required for forward compatibility. Implementations that send
extended parameters like capability advertisements (i.e. CAPTCHA support or
something) should not be broken hitting older implementations.
From: Mike Jones michael.jo...@microsoft.com
+1
Yes, forward compatibility and extensions will be broken if
unrecognized params are not allowed.
Marius
On Thu, Feb 16, 2012 at 10:32 AM, William Mills wmi...@yahoo-inc.com wrote:
No, this is required for forward compatibility. Implementations that send
extended parameters like
+1
On 02/16/2012 10:45 AM, Marius Scurtescu wrote:
+1
Yes, forward compatibility and extensions will be broken if
unrecognized params are not allowed.
Marius
On Thu, Feb 16, 2012 at 10:32 AM, William Mills wmi...@yahoo-inc.com wrote:
No, this is required for forward compatibility.
Can you give an example where an unknown parameter being ignored can lead to
security issues?
EH
From: John Bradley ve7...@ve7jtb.com
Date: Thu, 16 Feb 2012 11:55:21 -0700
To: William Mills wmi...@yahoo-inc.com
Cc:
I haven't seen much feedback so I assume this is almost ready for LC. I
will apply the suggestions below and will request a WGLC for -02.
EH
On 2/8/12 10:51 PM, Manger, James H james.h.man...@team.telstra.com
wrote:
Eran, a couple of comments on the new MAC spec:
The example (§1.1) does not