On Thu, Jun 16, 2011 at 2:14 PM, Igor Faynberg < igor.faynb...@alcatel-lucent.com> wrote:
> ** > > > On 6/16/2011 4:51 PM, Brian Eaton wrote: > > On Thu, Jun 16, 2011 at 1:49 PM, Torsten Lodderstedt < > tors...@lodderstedt.net> wrote: > >> If those people have reasonable means in place to protect secrets on >> deployment channels and in the local installation - fine. I would be eager >> to learn more about those means because I would be willed to utilize them as >> well. >> > > No, they don't have anything that really protects the secrets. They are > just willing to accept the risk. > > And what about the people who are not willing to accept the risk? (I am > one of them!) > If you aren't willing to accept the risk of native apps that can't keep secrets, don't support such apps. You're done. What the spec says does not impact what risk you need to take on.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
