2009/12/26 Matt Amos <[email protected]>: > On Sat, Dec 26, 2009 at 1:46 AM, John Smith <[email protected]> wrote: >> 2009/12/26 Matt Amos <[email protected]>: >>> because OAuth does cryptographic signing of the requests. >> >> Via a clear channel, which can be proxied and mangled and so on. > > proxied yes, mangled no. the cryptographic signature which OAuth > performs allows the server to detect if the request was modified > en-route and it will reject it if so.
I should have been clear, I didn't mean it would be accepted I meant it might get mangled and be unusable: http://www.theregister.co.uk/2009/12/23/vodafone_christmas/ The problem is that the WAP APN, while it is packet based and offers the same speed, doesn't provide unfettered internet access. It routes everything through Vodafone's Novarra-supplied gateway which mangles content and puts additional adverts navigation features into web pages. Those wanting to run their own instant messaging client, or applications that use HTTP transport and don't want it mangled, need to switch to the "Contract Internet" APN, which won't be free next week. > OAuth isn't a substitute for SSL, but it is a substitute for passwords Nuff said. _______________________________________________ talk mailing list [email protected] http://lists.openstreetmap.org/listinfo/talk
