Re: [OAUTH-WG] Confusing wording in section 2.1

Eran Hammer-Lahav <eran@hueniverse.com> Fri, 08 April 2011 16:20 UTC

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Andrew Arnott <andrewarnott@gmail.com>
Date: Fri, 08 Apr 2011 09:22:04 -0700
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confusing wording in section 2.1

Typo.

On Apr 8, 2011, at 8:04, "Andrew Arnott" <andrewarnott@gmail.com> wrote:

Draft 15, section 2.1

   Since requests to the authorization endpoint result in user
   authentication and the transmission of clear-text credentials (in the
   HTTP response), the authorization server MUST require the use of a
   transport-layer security mechanism when sending requests to the token
   endpoints.  The authorization server MUST support TLS 1.2 as defined
   in [RFC5246], and MAY support additional transport-layer mechanisms
   meeting its security requirements.

I'm confused by the fact that token endpoints must use HTTPS due to a trait of the authorization endpoint.  Am I missing something here, or is this perhaps a misprint?

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
We're hiring! My team at Microsoft has 7 open slots. http://bit.ly/fZBVUo
