I completely agree that education of users is not an answer to any security
question.

Be the change you want to see in the world ..tom


On Thu, Aug 22, 2024 at 10:08 AM Watson Ladd <watsonbl...@gmail.com> wrote:

> Hello,
>
> I would like to point out that the issuer verifier problem still
> remains open, even given the text in 11.
>
> The text is directionally wrong. It discusses how the issuer and
> verifier must be trusted, not what they can do together, and then only
> says that deployers must be aware and educate users. There's nothing
> actionable here, and user education doesn't work. Users cannot make
> security decisions of this nature, as we know from decades and decades
> of experience.
>
> Can we please get text that informs our readers what the issue is and
> what the risks are?
>
> Sincerely,
> Watson Ladd
> --
> Astra mortemque praestare gradatim
>
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-le...@ietf.org
>