Erik Kline has entered the following ballot position for draft-ietf-oauth-browser-based-apps-24: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-browser-based-apps/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Internet AD comments for draft-ietf-oauth-browser-based-apps-24
CC @ekline

* comment syntax:
  - https://github.com/mnot/ietf-comments/blob/main/format.md

* "Handling Ballot Positions":
  - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/

## Comments

### S6.2.*

* n00b question: does the possibility of a differing apparent source IP address for the (D,J) vs F requests imply that any attempt at using the source IP address (or range) for some security check cannot (or, indeed, MUST NOT) be used?

  Past experience with such tricks showed their limitations when adding IPv6 addresses to servers -- clients could connect from IPv4 in one request and use IPv6 in a subsequent one.

  Just curious. Not anything that need be addressed by text here.

## Nits

### S6.1.3.2

* "___Host" vs "__Host" (three leading underscores versus two)