On 23/02/16 07:56, William Denniss wrote: > I also wonder if the spec could be re-titled and focus on use-case that it > solves (supporting multiple ASes without using Connect), rather than the > attack it mitigates. I like that the metadata draft is targeted to solve a > particular use-case, while mitigating some attacks the process. I find this reframing an excellent idea. Today I shared the draft with a few client devs I know. Starting from the use case makes it easier to decide when you need to act (as opposed to figuring out what the attack is and then why you need to act).
Does your client need to support more than one AS? Ok, then do this ... because -> see security considerations. Vladimir
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
