LGTM. Issuing LC. On Mon, Apr 23, 2018 at 12:20 PM, Mike Jones <michael.jo...@microsoft.com> wrote:
> https://tools.ietf.org/html/draft-ietf-oauth-device-flow-09 Sections 5.2 > and 5.3 contain the confused deputy attack updates described in John’s > response during London. > > > > -- Mike > > > > *From:* Eric Rescorla <e...@rtfm.com> > *Sent:* Friday, April 13, 2018 7:37 PM > *To:* Mike Jones <michael.jo...@microsoft.com> > *Cc:* oauth@ietf.org > *Subject:* Re: [OAUTH-WG] Follow up on draft-ietf-oauth-device-flow-08 > > > > Thanks for the quick followup. I will take a look at the next version > > > > -Ekr > > > > > > On Fri, Apr 13, 2018 at 6:06 PM, Mike Jones <michael.jo...@microsoft.com> > wrote: > > We still need to add the text addressing the points described in John > Bradley’s reply to you sent while in London. > > > > -- Mike > > > > *From:* OAuth <oauth-boun...@ietf.org> *On Behalf Of *Eric Rescorla > *Sent:* Friday, April 13, 2018 6:00 PM > *To:* oauth@ietf.org > *Subject:* [OAUTH-WG] Follow up on draft-ietf-oauth-device-flow-08 > > > > Hi folks, > > > > I just looked at the -08 diffs and I see a new section on brute forcing > the token > > but not describing the confused deputy attack. Did I miss something, or > were you > > still planning to add more text? > > > > Thanks > > -Ekr > > > > > > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
