On Fri, Jun 10, 2011 at 2:16 PM, Adam Barth <i...@adambarth.com> wrote: > On Fri, Jun 10, 2011 at 10:36 AM, Nico Williams <n...@cryptonector.com> wrote: >> The fundamental issue is that protecting the cookie alone is not >> enough. On open wifi networks it's a fair assumption that the >> difficulty of active attacks is about the same as the difficulty of >> passive attacks. Therefore you need to provide integrity protection >> for most of the request and most of the response, including the >> bodies. > > You can repeat that statement as many times as you want, but that > doesn't make it true.
No, I'm done repeating it. Those who disagree can also continue to ignore it. If it needs trial by fire, so be it. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
