Stephen asked:
> (13) 10.9 says that the client MUST verify the server's cert which is fine. > However, does that need a reference to e.g. rfc 6125? > Also, do you want to be explicit here about the TLS server cert and thereby > possibly rule out using DANE with the non PKI options that that WG (may) > produce? Can someone help with this? I don't know enough to address. EHL
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
