In section 10.12 (CSRF):

5th paragraph: "A CSRF attack against the against the authorization server's authorization endpoint"
One "against the" is redundant.

4th paragraph: "The binding value enables the client to validate the validity of the request by matching the binding value to the user-agent's authenticated state."
The phrase "validate the validity of the request" sounds a bit awkward in my opinion. I'd personally go with either "establish the validity of the request" or simply "validate the request".

-- Niv

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth