On 01/04/2012 12:41 PM, Barry Leiba wrote:
> up being a compromised browser or a native application that the user
> perhaps unwisely installed, all the security in the framework goes out
  ^^^^^^^^^^^^^^^^
> the window, because an untrustworthy UA can fiddle with pretty much everything.
I think the "perhaps unwisely" goes to the heart of my objection. You might as well be talking about "perhaps unwisely" driving a car, or "perhaps unwisely" eating food: the reality is that people download apps by the *billions*. When I was initially blown off, many of the participants, including document editors, implied that only idiots get apps for their phones. That is *completely* unhelpful, as the reality is that OAUTH's use is hugely, if not primarily, deployed in that sort of environment.

This is a threat that cuts to the very heart of what OAUTH is, and purports to defend against: keeping user credentials out of the hands of an untrusted third party. If there really aren't any good ways to mitigate this in an app environment, why is OAUTH being deployed so aggressively there? Shouldn't the threat draft say in blinking bold: "DEPLOYING OAUTH IN NATIVE APPS CONSIDERED HARMFUL"?

Mike

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth