Hi, This is my first time reviewing a document or responding to the group. So, with that introduction feel free to guide me along the way.
Reading through the document, I had a few high-level questions first. I will have more detailed comments later, once I know I'm on the right track and I assume those comments I should just share with the mailing list?

1. Since the document is a "Best Practices" document, are the words "MUST" and "REQUIRED" and other definitive terms? Would instead SHOULD and RECOMMENDED be used?
2. Should other possible threats and vulnerabilities be included? Meaning, is the list the definitive known list?

Thanks!
-Jared
Skype:jaredljennings
Signal:+1 816.730.9540
WhatsApp: +1 816.678.4152

On Wed, Nov 6, 2019 at 2:27 AM Hannes Tschofenig <hannes.tschofe...@arm.com> wrote:

> Hi all,
>
> this is a working group last call for "OAuth 2.0 Security Best Current
> Practice".
>
> Here is the document:
> https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13
>
> Please send your comments to the OAuth mailing list by Nov. 27, 2019.
> (We use a three week WGLC because of the IETF meeting.)
>
> Ciao
> Hannes & Rifaat
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>