e are a lot of folks that agree with you.
*From:* L. Preston Sego III mailto:lpse...@gmail.com>>
*To:* oauth@ietf.org <mailto:oauth@ietf.org>
*Sent:* Friday, February 1, 2013 7:37 AM
*Subject:* [O
Preston Sego III ; "oauth@ietf.org" <
> oauth@ietf.org>
> *Sent:* Wednesday, February 6, 2013 8:23 AM
> *Subject:* Re: [OAUTH-WG] I'm concerned about how the sniffability of
> oauth2 requests
>
>
>
> On Mon, Feb 4, 2013 at 9:57 PM, William Mills wrote:
>
owser?
From: Prabath Siriwardena
To: William Mills
Cc: L. Preston Sego III ; "oauth@ietf.org"
Sent: Wednesday, February 6, 2013 8:23 AM
Subject: Re: [OAUTH-WG] I'm concerned about how the sniffability of oauth2
requests
On Mon, Feb 4, 2013 at 9:57 PM, William Mill
-
> *From:* L. Preston Sego III
> *To:* oauth@ietf.org
> *Sent:* Friday, February 1, 2013 7:37 AM
> *Subject:* [OAUTH-WG] I'm concerned about how the sniffability of oauth2
> requests
>
> In an oauth2 request, the access token is passed along in the header, with
> nothin
: oauth@ietf.org
> Subject: Re: [OAUTH-WG] I'm concerned about how the sniffability of oauth2
> requests
>
> On 04/02/13 16:27, William Mills wrote:
>> There are two efforts at signed token types: MAC which is still a
>> possibility if we wake up and do it,
>
> I&
@ietf.org
Subject: Re: [OAUTH-WG] I'm concerned about how the sniffability of oauth2
requests
On 04/02/13 16:27, William Mills wrote:
> There are two efforts at signed token types: MAC which is still a
> possibility if we wake up and do it,
I'd rephrase it slightly differently, it
uary 1, 2013 7:37 AM
*Subject:* [OAUTH-WG] I'm concerned about how the sniffability of oauth2
requests
In an oauth2 request, the access token is passed along in the header,
with nothing else.
As I understand it, oauth2 was designed to be simple for everyone to
use. And while, that's true,
-
*From:* L. Preston Sego III
*To:* oauth@ietf.org
*Sent:* Friday, February 1, 2013 7:37 AM
*Subject:* [OAUTH-WG] I'm concerned about how the sniffability of
oauth2 requests
In an oauth2 request, the access token is passed along in the header,
with nothing else.
As I under
February 1, 2013 7:37 AM
Subject: [OAUTH-WG] I'm concerned about how the sniffability of oauth2 requests
In an oauth2 request, the access token is passed along in the header, with
nothing else.
As I understand it, oauth2 was designed to be simple for everyone to use. And
while, that's
In an oauth2 request, the access token is passed along in the header, with
nothing else.
As I understand it, oauth2 was designed to be simple for everyone to use.
And while, that's true, I don't really like how all of the security is
reliant on SSL.
what if an attack can strip away SSL using a to
10 matches
Mail list logo
