Hi William,

On 22 May 2017, at 23:14, William Denniss <wdenn...@google.com> wrote:
>> Section 8.1 makes the statement that "Loopback IP based redirect URIs may
>> be susceptible to interception by other apps listening on the same
>> loopback interface." That's not how TCP listener sockets work: for any
>> given IP address, they guarantee single-process access to a port at any
>> one time. (Exceptions would include processes with root access, but an
>> attacking process with that level of access is going to be impossible to
>> defend against). While mostly harmless, the statement appears to be false
>> on its face, and should be removed or clarified.
>
> Will be removed in the next update. Thank you.

Actually, I disagree with Adam on this, because what he says is OS specific. So I think the text is valuable and should stay.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
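Whether a loopback port is held exclusively can be checked on the platform an app ships on. The following is an added example, not code from the thread or from the draft: it opens the kind of loopback listener a native app would use for its redirect URI and reports whether a second socket can bind the same port. The function names are hypothetical, and the results depend on the operating system.

```python
import socket

LOOPBACK = "127.0.0.1"

def open_redirect_listener():
    """Listen on an ephemeral loopback port for the OAuth redirect (hypothetical helper)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Windows only: refuse to share the port with sockets that set SO_REUSEADDR.
    if hasattr(socket, "SO_EXCLUSIVEADDRUSE"):
        s.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
    s.bind((LOOPBACK, 0))  # port 0: the OS picks a free port
    s.listen(1)
    return s

def second_bind_succeeds(port, option=None):
    """Return True if another socket can bind the same loopback port."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if option is not None:
            probe.setsockopt(socket.SOL_SOCKET, option, 1)
        probe.bind((LOOPBACK, port))
        return True
    except OSError:
        return False
    finally:
        probe.close()

def sharing_report():
    """Map each bind mode available on this OS to whether a second bind succeeded."""
    listener = open_redirect_listener()
    try:
        port = listener.getsockname()[1]
        options = {"plain": None}
        for name in ("SO_REUSEADDR", "SO_REUSEPORT"):
            if hasattr(socket, name):
                options[name] = getattr(socket, name)
        return {name: second_bind_succeeds(port, opt)
                for name, opt in options.items()}
    finally:
        listener.close()

if __name__ == "__main__":
    for name, shared in sharing_report().items():
        print(f"{name}: {'shared' if shared else 'refused'}")
```

Any mode reported as shared means the listener's port is not exclusive on that OS with the options used to open it.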