Hi,
We just had a discussion in Stuttgart on the possibility of
misconfigured endpoints, i.e., an honest client uses the wrong endpoints
for interacting with some honest AS. Such a setting might be the outcome
of a social engineering attack against the administrators of a client
(e.g., the attacke
Hi,
All of my comments on oauth-security-topics-13 are
remarks/questions/suggestions for clarification in the document, i.e., I
do not have any fundamental objections. Overall, the draft is, in my
opinion, in good shape to be published and as already discussed, open
points can be updated later. I
Hi all,
can anybody confirm that this is a new / undocumented attack?
Cheers,
Guido, Daniel, and Ralf
On 22.04.2016 16:23, Daniel Fett wrote:
> Hi all,
>
> Besides the state leakage attack we found that another important fact
> regarding state is underspecified: Each state value should only be
Original message
> Subject: Re: [OAUTH-WG] State Leakage Attack
> From: Daniel Fett
> To: Antonio Sanso
> Cc: Guido Schmitz, oauth@ietf.org, Ralf
> Kuesters
>
> On 22.04.2016 at 16:39, Antonio Sanso wrote:
>> hi Daniel
>>
>> On Apr 22, 2