On Tue, Aug 11, 2020 at 02:35:20PM -0600, Brian Campbell wrote: > I also suspect the Jwsreq authors won't respond to this and the > request/suggestion will be ignored. Which is discouraging. I realize it's > late in the process for this document but it's been in IESG Evaluation > since early 2017. And the recent ballot comments > https://mailarchive.ietf.org/arch/msg/oauth/FMljWETMEkGTI4pUluqIqtAJ_9A/ > suggests changes to the draft should still be forthcoming. So also adding a > brief statement to the security considerations doesn't seem inconceivable.
Yup, I expect further changes to the document before publication. Thanks for resurfacing this topic; I updated my ballot position to include a reference to it. -Ben _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
