Either way is okay. But straight to GitHub with a PR is probably easier https://github.com/danielfett/draft-dpop
On Thu, Nov 17, 2022 at 5:18 PM Dmitry Telegin <dmitryt= 40backbase....@dmarc.ietf.org> wrote: > Agreed on general guidance, will try to draft the text. Should I post it > here first or go straight to GitHub? > > On Wed, Nov 16, 2022 at 1:49 PM Brian Campbell <bcampbell= > 40pingidentity....@dmarc.ietf.org> wrote: > >> >> >> On Mon, Nov 14, 2022 at 5:18 PM Dmitry Telegin <dmitryt= >> 40backbase....@dmarc.ietf.org> wrote: >> >>> >>> To sum up, my idea is that in cases when we can unambiguously establish >>> the scheme used, we should include error info into the corresponding >>> challenge only. In cases of ambiguity, both challenges should be used to >>> deliver error info. If this make sense, could it be worth covering this >>> topic in the spec? >>> >> >> Is there some text you could propose that offers guidance along those >> lines? Probably to go in sec 7.2, which is where multiple authentication >> schemes are mentioned. Your idea seems like a generally appropriate >> approach. I don't believe there's necessarily a right or wrong though. Some >> general guidance could be helpful but I'd be hesitant about going further. >> >> >> >> *CONFIDENTIALITY NOTICE: This email may contain confidential and >> privileged material for the sole use of the intended recipient(s). Any >> review, use, distribution or disclosure by others is strictly prohibited. >> If you have received this communication in error, please notify the sender >> immediately by e-mail and delete the message and any file attachments from >> your computer. Thank you.* > > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
