On Sep 6, 2011, at 4:36 PM, Michael Thomas wrote: […]
> But even if you did it once, how did you know that you didn't reveal your
> credentials to a bad guy?
>
> And I'm being told that this isn't even worthy of any mention anywhere? I came
> here hoping to hear that the attack wasn't possible, or could be mitigated.

The attack can be mitigated, but it cannot be prevented through protocols like OAuth (or any other protocol that I know of) alone.

The point is that you have a point. But OAuth alone cannot address your point - it provides a different -- and still useful -- mitigation for attacks on user credentials sent over a network. It's not a superhero though.

- John

> Zoicks.
>
> Mike

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth