On Saturday, January 9, 2010, Eran Hammer-Lahav wrote:
> Hi John,
>
>> -Original Message-
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
>> Of John Kemp
>> Sent: Saturday, January 09, 2010 4:43 AM
>
>> What is the actual reasoning behind this change? I don't unde
I fully support this. I think Zachary has been questioning that
"should," too, in his recent post.
Furthermore, even if there are implementations that are not using TLS
(or SSL), I would look at it as an implementation--not
specification--problem. The specification must not have known security
