Hey Eran!
On Jan 9, 2010, at 12:12 PM, Eran Hammer-Lahav wrote:
[...] (sure, agreed)
> My proposed language would be along the lines of "MUST use a secure channel
> such as TLS/SSL or another mechanism providing the same protections". This
> allows not using TLS/SSL when the environment provid
Hi John,
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of John Kemp
> Sent: Saturday, January 09, 2010 4:43 AM
> What is the actual reasoning behind this change? I don't understand why we
> would suddenly now decide to make some whole clas
2010/1/9 John Kemp:
> On Jan 8, 2010, at 9:15 PM, Eran Hammer-Lahav wrote:
>
> What is the actual reasoning behind this change? I don't understand why we
> would suddenly now decide to make some whole class of implementations
> non-conforming, even if there were only a few deployments?
Eran did a
On Jan 8, 2010, at 9:15 PM, Eran Hammer-Lahav wrote:
[...]
> Is there a *good* reason why the 1.0 specification should not mandate using
> a secure channel for PLAINTEXT?
I guess the question is whether you want implementations using other methods to
ensure confidentiality and which don't ne