Write content and ping me off list. To avoid confusion, note that oauth.net<http://oauth.net> has nothing to do with this list and the IETF.
EHL On Sep 6, 2011, at 16:12, "Aiden Bell" <aiden...@gmail.com<mailto:aiden...@gmail.com>> wrote: Perhaps a solution is to push OAuth.net<http://OAuth.net> as more of a "everything you ever wanted to know about OAuth" and direct non-core issues there for a page of good content to be created. This way the RFC can focus on the issue at hand and broader scope can be taken care of without having a 40+ thread on something like this. Developers can still have a voice on these things, even if it isn't directly through the RFC. I feel strongly enough that I would be willing to help here. Let me know if I can be of any assistance in having these things dealt with more appropriately through something like that. Aiden On 6 September 2011 23:27, Eran Hammer-Lahav <<mailto:e...@hueniverse.com>e...@hueniverse.com<mailto:e...@hueniverse.com>> wrote: It is a problem. For a few months now we have been going through this over and over again. The longer we work on this draft the more of this two-sentence changes people suggest. They don't make the document any better, create a false sense of comprehensiveness, and just further delay being done. So yeah, unless you can prove that there is an actual problem, we are done. EHL On Sep 6, 2011, at 15:22, "Melinda Shore" <<mailto:melinda.sh...@gmail.com>melinda.sh...@gmail.com<mailto:melinda.sh...@gmail.com>> wrote: > On 09/06/2011 12:59 PM, John Kemp wrote: >> The point is that you have a point. > > He does, and that's in some large part why I don't > fully understand the temperature of the responses. > I do not think it's a particularly big deal to stick > a couple of sentences in the security considerations > underscoring the fact that OAUTH can't do anything > about a compromised host or a malicious application. > I've learned to live with the fact that sometimes > people implementing or deploying security technologies > don't fully understand them and it's my impression that > there's some number of people out there who think that > OAUTH and other third-party protocols provide sufficient > protection against password snagging. > > Melinda > _______________________________________________ > OAuth mailing list > <mailto:OAuth@ietf.org> OAuth@ietf.org<mailto:OAuth@ietf.org> > <https://www.ietf.org/mailman/listinfo/oauth> > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list <mailto:OAuth@ietf.org>OAuth@ietf.org<mailto:OAuth@ietf.org> <https://www.ietf.org/mailman/listinfo/oauth>https://www.ietf.org/mailman/listinfo/oauth -- ------------------------------------------------------------------ Never send sensitive or private information via email unless it is encrypted. <http://www.gnupg.org> http://www.gnupg.org
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
