Me too ;-)
There are tradeoffs, no question -- and I used the verb suggest to
indicate only a weak preference, on balance.
On Jan 23, 2007, at 14:19, Hallam-Baker, Phillip wrote:
I get really worried whenever I see such statements. They tend to
be the sign of a long drawn out specification effort rather than a
short one.
If you want to change the Internet you have a lot of gatekeepers to
convince. Deciding that you don't have time to do that is usually a
mistake.
The key is to understand which parties are really gatekeepers and
which are not. Two gatekeepers that must be convinced here are the
security cabal and the open source community.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Johannes Ernst
Sent: Tuesday, January 23, 2007 3:57 PM
To: Recordon, David
Cc: specs@openid.net
Subject: Re: OpenID Auth 2.0 security considerations
Given where we are in time, I would suggest to make the
smallest amount of changes possible to the document, i.e.
leave everything as is, just add this one link.
On Jan 23, 2007, at 11:59, Recordon, David wrote:
I don't see a problem with that.
Would you propose the majority of the security
considerations section
in the current draft be moved to the wiki? What would be
the balance
between spec and wiki page?
--David
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Johannes Ernst
Sent: Monday, January 22, 2007 12:15 PM
To: specs@openid.net
Subject: OpenID Auth 2.0 security considerations
What about a non-normative link from the spec to a place on
the wiki
where we can collect security considerations for it, and
update those
in real-time as discussions such as the phishing one progress.
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs