Hello Brian,
Section 2 states:
Under the attacker model defined in [I-D.ietf-oauth-security-topics],
the mechanism defined by this specification aims to prevent token
replay at a different endpoint.
More precisely, if an adversary is able to get hold of an access
token or refresh
Hello WG,
Just a quick note to let folks know that -03 of the DPoP draft was
published earlier today. The usual various document links are in the
forwarded message below and the relevant snippet from the doc history with
a summary of the changes is included here for convenience.
Hopefully folks w
