Re: [OAUTH-WG] OAuth 2.0 Device Flow LC Comment (and OpenID Connect)

From: William Denniss [mailto:wdenn...@google.com] Sent: Tuesday, January 02, 2018 5:38 PM To: Hollenbeck, Scott Cc: oauth@ietf.org Subject: [EXTERNAL] Re: [OAUTH-WG] OAuth 2.0 Device Flow LC Comment (and OpenID Connect) On Mon, Nov 27, 2017 at 6:32 AM Hollenbeck, Scott mailto:shollenb...@ver

Re: [OAUTH-WG] Token scanning attacks in RFC 7662

On 3 Jan 2018, at 07:07, Vladimir Dzhuvinov wrote: > > > On 02/01/18 19:01, Neil Madden wrote: >> How does authentication address the problem? > Authentication increases the effective entropy. An attacker fist has to be > break the client secret, then successfully guess the token. Authenticat