You clearly feel strongly about this. The only way forward if you want to pursue this is to suggest text and show how providing it will lead to more secure implementations. Otherwise this is just going in circles.
EHL On Sep 6, 2011, at 18:13, "Michael Thomas" <m...@mtcc.com> wrote: > On 09/06/2011 06:08 PM, Peter Saint-Andre wrote: >> Put me in the "may not have been avoided" camp. We can't legislate >> common sense (which, sadly, is all too uncommon). >> > > Can somebody show me in the archives where this has been > discussed before? Specifically about oauth clients that also > have control of the web UA? > > In any case, you site this as common sense. It's not. You are > close to the problem. Nobody else is. > > Mike > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
