Yes I believe I I addressed these comments as part of Barry’s discuss points.
They were comments on the changes that Barry introduced that caused a
inconsistency. I resolved that in 15.
I think it is good to go.
On Jul 10, 2015, at 12:29 PM, Kathleen Moriarty
John,
The updates were included in the version I approved for posting that also
addressed Barry's discuss points, correct?
Are we good with the current version to move forward:
https://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
Thank you,
Kathleen
On Thu, Jul 9, 2015 at 2:46 PM, John
Thanks, Brian!
William? Are you good with this version?
On Fri, Jul 10, 2015 at 12:11 PM, Brian Campbell bcampb...@pingidentity.com
wrote:
I think -15 does address the inconsistency.
On Fri, Jul 10, 2015 at 9:36 AM, John Bradley ve7...@ve7jtb.com wrote:
Yes I believe I I addressed these
I think -15 does address the inconsistency.
On Fri, Jul 10, 2015 at 9:36 AM, John Bradley ve7...@ve7jtb.com wrote:
Yes I believe I I addressed these comments as part of Barry’s discuss
points.
They were comments on the changes that Barry introduced that caused a
inconsistency. I resolved
Thank you all for your work on this draft!
On Fri, Jul 10, 2015 at 12:57 PM, William Denniss wdenn...@google.com
wrote:
Looks good to me. I think it's a lot clearer now, thanks for the update
John.
Unrelated, I noticed a typo in 7.5. TLS security considerations, the
word 'Curent'.
On
I agree with William that it's a little confusing. I get that there's a
desire to discourage using plain but perhaps the language (especially the
MUST NOT in 7.2) should be lightened up just a bit?
On Wed, Jul 8, 2015 at 8:22 PM, William Denniss wdenn...@google.com wrote:
Following up the
I have made some edits to make it consistent. They are checked into the
butbucket repo nat and I use, but we can’t update the official draft during the
freeze before the IETF meeting.
https://bitbucket.org/Nat/oauth-spop
On Jul 9, 2015, at 3:19 PM, Brian Campbell bcampb...@pingidentity.com
Following up the discussion on today's NAPPS call, I understand why plain
is not presented as the recommended approach in the spec (though it still
has some value over not doing PKCE at all, in that it mitigates against the
current known attack where a rogue app registers the same custom URI
Thanks, I fixed my finger dyslexia for the next draft.
I changed it to t_m rather than “t” I think that is clearer. If I were to do
it the other way XML2RFC would have double quotes in the text version.
John B.
On Jul 7, 2015, at 9:38 PM, William Denniss wdenn...@google.com wrote:
In
t_m works for me, I just think we should have some indication that it's
the name of the transform. Will you also update where it is referenced in
the description below Figure 2?
On Tue, Jul 7, 2015 at 6:28 PM, John Bradley ve7...@ve7jtb.com wrote:
Thanks, I fixed my finger dyslexia for the
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : Proof Key for Code Exchange by OAuth Public Clients
Authors : Nat Sakimura
11 matches
Mail list logo
