It is a problem. For a few months now we have been going through this over and over again. The longer we work on this draft the more of this two-sentence changes people suggest. They don't make the document any better, create a false sense of comprehensiveness, and just further delay being done.
So yeah, unless you can prove that there is an actual problem, we are done. EHL On Sep 6, 2011, at 15:22, "Melinda Shore" <melinda.sh...@gmail.com> wrote: > On 09/06/2011 12:59 PM, John Kemp wrote: >> The point is that you have a point. > > He does, and that's in some large part why I don't > fully understand the temperature of the responses. > I do not think it's a particularly big deal to stick > a couple of sentences in the security considerations > underscoring the fact that OAUTH can't do anything > about a compromised host or a malicious application. > I've learned to live with the fact that sometimes > people implementing or deploying security technologies > don't fully understand them and it's my impression that > there's some number of people out there who think that > OAUTH and other third-party protocols provide sufficient > protection against password snagging. > > Melinda > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
