Perhaps a solution is to push OAuth.net as more of a "everything you ever wanted to know about OAuth" and direct non-core issues there for a page of good content to be created. This way the RFC can focus on the issue at hand and broader scope can be taken care of without having a 40+ thread on something like this.
Developers can still have a voice on these things, even if it isn't directly through the RFC. I feel strongly enough that I would be willing to help here. Let me know if I can be of any assistance in having these things dealt with more appropriately through something like that. Aiden On 6 September 2011 23:27, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > It is a problem. For a few months now we have been going through this over > and over again. The longer we work on this draft the more of this > two-sentence changes people suggest. They don't make the document any > better, create a false sense of comprehensiveness, and just further delay > being done. > > So yeah, unless you can prove that there is an actual problem, we are done. > > EHL > > On Sep 6, 2011, at 15:22, "Melinda Shore" <melinda.sh...@gmail.com> wrote: > > > On 09/06/2011 12:59 PM, John Kemp wrote: > >> The point is that you have a point. > > > > He does, and that's in some large part why I don't > > fully understand the temperature of the responses. > > I do not think it's a particularly big deal to stick > > a couple of sentences in the security considerations > > underscoring the fact that OAUTH can't do anything > > about a compromised host or a malicious application. > > I've learned to live with the fact that sometimes > > people implementing or deploying security technologies > > don't fully understand them and it's my impression that > > there's some number of people out there who think that > > OAUTH and other third-party protocols provide sufficient > > protection against password snagging. > > > > Melinda > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- ------------------------------------------------------------------ Never send sensitive or private information via email unless it is encrypted. http://www.gnupg.org
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
