On Tue, Jun 7, 2011 at 9:40 PM, William J. Mills <wmi...@yahoo-inc.com> wrote: > It is possible to implement decent security with MAC, it is also possible to
Not as specified. See earlier posts regarding active attacks. > screw it up. It is far more difficult (impossible?) to implement decent > security with cookies over HTTP. Assuming well-behaved browsers that understand the distinction between "secure" and non-secure cookies, and assuming that active attacks are often no more difficult than passive attacks, what does MAC without TLS add that cookies don't provide? Nico -- _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
