Gentlepersons: I'm the editor of the FierceEnterpriseCommunications newsletter (http://fierceenterprisecommunications.com), and have seen the Web site posted by the student in China claiming a serious vulnerability in OAuth and OpenID (http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html). I know it is OAuth's policy not to discuss bugs publicly for obvious reasons, but I would be very happy to report this claim to be a hoax if this fellow never discussed it with you first (which might have been the responsible thing to do) and if this claim is being made up. Have you had any communication with Wang Jing, and do you have any reason to believe his public claims to be valid?
My thanks in advance for any help you can provide. Yours sincerely, Scott M. Fulton, III Editor, FierceEnterpriseCommunications 5664 Fen Court Indianapolis, IN 46220 USA (317) 430-1855 LinkedIn: Scott M. Fulton III Twitter: @SMFulton3 Skype: scott.fulton
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
