On 09/06/2011 12:59 PM, John Kemp wrote:
> The point is that you have a point.
He does, and that's in some large part why I don't fully understand the temperature of the responses. I do not think it's a particularly big deal to stick a couple of sentences in the security considerations underscoring the fact that OAUTH can't do anything about a compromised host or a malicious application. I've learned to live with the fact that sometimes people implementing or deploying security technologies don't fully understand them and it's my impression that there's some number of people out there who think that OAUTH and other third-party protocols provide sufficient protection against password snagging.

Melinda