What issues, specifically? (Messages are all over the place and I don’t know exactly what issues you’re raising. Is it with the approach we’re proposing or something else?)
Paul

From: Nico Williams [mailto:n...@cryptonector.com]
Sent: Wednesday, June 08, 2011 10:55 AM
To: Paul E. Jones
Cc: apps-disc...@ietf.org; Nico Williams; OAuth WG; HTTP Working Group; Ben Adida; Adam Barth; Eran Hammer-Lahav; http-st...@ietf.org
Subject: RE: [http-state] [apps-discuss] HTTP MAC Authentication Scheme

On Jun 8, 2011 2:09 AM, "Paul E. Jones" <pau...@packetizer.com> wrote:
>
> Nico,
>
> Cookies would still be employed. A cookie would be used to identify the
> particular user, for example. However, it's important to make sure that the
> cookie provided by the client to the server is not stolen. It's important to
> ensure that the client provided by the server to the client is not modified.
> That's the reason for the MAC. Once we can ensure the integrity of the
> message exchange, then the existing cookie mechanism can provide us with the
> secure state management capability we need.

You're still not addressing the issues raised.

Nico

--
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth