Thanks again for the feedback Scott. I've staged an update here: https://github.com/WilliamDenniss/draft-ietf-oauth-device-flow/pull/6
It expands on the brute force attack section to include some detail on this attack, as it is quite unique for OAuth brute-force attacks (since the victim actually ends up with the attacker's grant on the device, instead of the other way around – not that this is totally safe of course, it's just unique). It also adds some further discussion around what factors need to be considered by authorization servers when creating the user code format. I'll post this once my co-authors have reviewed, and the submission tool re-opens. On Fri, Jan 5, 2018 at 10:56 AM Rifaat Shekh-Yusef <rifaat.i...@gmail.com> wrote: > Hi Scott, > > Sorry, I missed that last discussion that you had with William. > > > *William,* > > Can you please update the document based on your last discussion with > Scott? > I will then update the request for publication to use the new updated > version. > > Regards, > Rifaat > > > > On Fri, Jan 5, 2018 at 12:40 PM, Hollenbeck, Scott < > shollenb...@verisign.com> wrote: > >> > -----Original Message----- >> > From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Rifaat Shekh- >> > Yusef >> > Sent: Friday, January 05, 2018 12:30 PM >> > To: e...@rtfm.com >> > Cc: oauth@ietf.org; iesg-secret...@ietf.org; oauth-cha...@ietf.org >> > Subject: [EXTERNAL] [OAUTH-WG] Publication has been requested for draft- >> > ietf-oauth-device-flow-07 >> > >> > Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-device- >> > flow-07 as Proposed Standard on behalf of the OAUTH working group. >> > >> > Please verify the document's state at >> > https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/ >> >> The document really should be updated to reflect the last call >> discussions prior to requesting publication for the -07 version that needs >> to be updated. >> >> Scott >> > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
