On 12/15/2011 09:54 AM, Phil Hunt wrote:
Note: one change recommended below...
With regards to 4.1.4…
4.1.4. Threat: End-user credentials phished using compromised or
embedded browser
A malicious application could attempt to phish end-user passwords by
misusing an embedded bro
Note: one change recommended below...
With regards to 4.1.4…
4.1.4. Threat: End-user credentials phished using compromised or
embedded browser
A malicious application could attempt to phish end-user passwords by
misusing an embedded browser in the end-user authorization process,
On 12/15/2011 09:32 AM, Mark Mcgloin wrote:
Hi Michael
We reviewed the threat model document in light of the concerns you raised
(originally in a thread called "Problem Statement") and decided that we
already provided enough information on threats and countermeasures from
malicious applications.
This hasn't been addressed:
http://www.ietf.org/mail-archive/web/oauth/current/msg07867.html
Perhaps no one thinks it is a problem?
There are several grammatical nits that should be fixed. I've had all
the best intentions of reporting those last week but simply have not
yet had the time.
Regards,
Thanks Barry - I just responded to that thread. We will not be making any
changes to the threat model based on that comment
Regards
Mark
oauth-boun...@ietf.org wrote on 15/12/2011 14:30:02:
> From:
>
> Barry Leiba
>
> To:
>
> oauth WG
>
> Date:
>
> 15/12/2011 14:30
>
> Subject:
>
> Re: [OAUTH-
Hi Michael
We reviewed the threat model document in light of the concerns you raised
(originally in a thread called "Problem Statement") and decided that we
already provided enough information on threats and countermeasures from
malicious applications.
In addition, the consensus from the Oauth W
> Working group last call begins today on the threat model document:
> http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-01
>
> Please review this version and post last call comments by 9 December.
Sorry, folks: I got a little behind here.
Working-group last call is now over. There were
