On Sat, Dec 26, 2009 at 12:30 AM, John Smith <[email protected]> wrote: > 2009/12/26 John Smith <[email protected]>: >> 2009/12/26 Matt Amos <[email protected]>: >>> On Fri, Dec 25, 2009 at 9:38 AM, John Smith <[email protected]> >>> wrote: >>>> I don't think OAuth is a valid security method. >>> >>> why not? >> >> If you hadn't snipped my email you would have read the answer.
i didn't see anything in the rest of your email(s) germane to OAuth, which is why i snipped that bit. > Unless cryptography is involved how do you know your packets aren't > being intercepted and proxied and altered in transit? because OAuth does cryptographic signing of the requests. > Sure OSM isn't much of a target at present, however the more popular > that something becomes the more likely it is to be attacked as well. OSM is already being attacked by some vandals and some spam bots. but none of these attacks have been against the authentication parts of OSM. cheers, matt _______________________________________________ talk mailing list [email protected] http://lists.openstreetmap.org/listinfo/talk
