Hi Stephen,
I'm concerned about your proposal (7) to make support for MAC a MUST for
clients and BEARER a MAY only. In my opinion, this does not reflect the
group's consensus. Beside this, the security threat analysis justifies
usage of BEARER for nearly all use cases as long as HTTPS (incl. server
authentication) can be utilized.
regards,
Torsten.
Am 13.10.2011 19:13, schrieb Stephen Farrell:
Hi all,
Sorry for having been quite slow with this, but I had a bunch
of travel recently.
Anyway, my AD comments on -22 are attached. I think that the
first list has the ones that need some change before we push
this out for IETF LC, there might or might not be something
to change as a result of the 2nd list of questions and the
rest are really nits can be handled either now or later.
Thanks for all your work on this so far - its nearly there
IMO and we should be able to get the IETF LC started once
these few things are dealt with.
Cheers,
S.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
