Re: [OAUTH-WG] Shepherd review of draft-ietf-oauth-v2-threatmodel

Michael Thomas <mike@mtcc.com> Tue, 24 April 2012 18:17 UTC

Return-Path: <mike@mtcc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B5D021F881B for <oauth@ietfa.amsl.com>; Tue, 24 Apr 2012 11:17:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.556
X-Spam-Level:
X-Spam-Status: No, score=-2.556 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NywGHuLC44ue for <oauth@ietfa.amsl.com>; Tue, 24 Apr 2012 11:17:51 -0700 (PDT)
Received: from mtcc.com (mtcc.com [50.0.18.224]) by ietfa.amsl.com (Postfix) with ESMTP id 8E1D421F854F for <oauth@ietf.org>; Tue, 24 Apr 2012 11:17:51 -0700 (PDT)
Received: from takifugu.mtcc.com (takifugu.mtcc.com [50.0.18.224]) (authenticated bits=0) by mtcc.com (8.14.3/8.14.3) with ESMTP id q3OIHn2f027175 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Tue, 24 Apr 2012 11:17:49 -0700
Message-ID: <4F96EE4D.6070805@mtcc.com>
Date: Tue, 24 Apr 2012 11:17:49 -0700
From: Michael Thomas <mike@mtcc.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.22) Gecko/20090605 Thunderbird/2.0.0.22 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: Peter Saint-Andre <stpeter@stpeter.im>
References: <CALaySJLy6jpuPqxQXfKfpx0TpcK1gav1NtcTOoh+NOr11JSCbw@mail.gmail.com> <4F8DE789.4030704@mtcc.com> <CALaySJK1ej_HkP5Jz26XT-KjULirD2iFfVOpRkHgPZp-CbJCrg@mail.gmail.com> <4F957EA7.3060004@mtcc.com> <OF3ECF645E.478720A4-ON802579EA.002D0B13-802579EA.002D8D07@ie.ibm.com> <4F96A99F.7010303@mtcc.com> <85556C53-99DD-47A2-A0D5-2F86DD2B668F@oracle.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2FFC41C@P3PWEX2MB008.ex2.secureserver.net> <4F96DA70.4020108@stpeter.im> <0CBAEB56DDB3A140BA8E8C124C04ECA2FFC677@P3PWEX2MB008.ex2.secureserver.net> <4F96EC80.40902@stpeter.im>
In-Reply-To: <4F96EC80.40902@stpeter.im>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=1914; t=1335291470; x=1336155470; c=relaxed/simple; s=thundersaddle.kirkwood; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z=From:=20Michael=20Thomas=20<mike@mtcc.com> |Subject:=20Re=3A=20[OAUTH-WG]=20Shepherd=20review=20of=20d raft-ietf-oauth-v2-threatmodel |Sender:=20 |To:=20Peter=20Saint-Andre=20<stpeter@stpeter.im> |Content-Type:=20text/plain=3B=20charset=3DISO-8859-1=3B=20 format=3Dflowed |Content-Transfer-Encoding:=207bit |MIME-Version:=201.0; bh=rP5aN5PKoUzJZsL1tAYIS0vFFzcf095GyskAd1eJbrc=; b=ZcdsTTyGe6l1fzogJJ01nxAKMY45CGVw1Tzfz6wBsP6le2AwoiHmAvmXpF QpL4zNXFjBqqc0P0+G7CPRPPUx6xMPAviCknV39iQN33hKK4A04GdmTYMAMi ZvrPAtmWKeCS8InfwNzRej1aBmKzcPnYKj9znOA3gPtBynJJ4iFpA=;
Authentication-Results: ; v=0.1; dkim=pass header.i=mike@mtcc.com ( sig from mtcc.com/thundersaddle.kirkwood verified; ); dkim-asp=pass header.From=mike@mtcc.com
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Shepherd review of draft-ietf-oauth-v2-threatmodel
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Apr 2012 18:17:52 -0000

On 04/24/2012 11:10 AM, Peter Saint-Andre wrote:
> Indeed you are right, I'd forgotten about that.

The original conclusion was to let oauth progress and move
the discussion to -threats. I brought it up with -threats and
again in last call and got no closure that I recall. Barry's
shepherd review was in response to me bringing up that my
issues had not been resolved in last call.

Mike

>
> On 4/24/12 12:05 PM, Eran Hammer wrote:
>> Barry did make a consensus call when this was originally raised.
>>
>> EH
>>
>>> -----Original Message-----
>>> From: Peter Saint-Andre [mailto:stpeter@stpeter.im]
>>> Sent: Tuesday, April 24, 2012 9:53 AM
>>> To: Eran Hammer
>>> Cc: oauth-chairs@tools.ietf.org; oauth@ietf.org
>>> Subject: Re: [OAUTH-WG] Shepherd review of draft-ietf-oauth-v2-
>>> threatmodel
>>>
>> On 4/24/12 10:20 AM, Eran Hammer wrote:
>>>>> We've been kicking this can of silliness for months now because one
>>>>> person refuses to move on even in the face of otherwise unanimous
>>>>> consensus from the group.
>> Hi Eran,
>>
>> Cans of silliness aside, I'd like to make a brief meta point: we don't vote. So
>> consensus is not a matter of counting noses, it is a matter of addressing valid
>> technical issues that people raise. I shall re-read this thread and related
>> earlier threads to see if the issues raised by Michael Thomas have been
>> answered, but if there are open issues then we need to address them. Now,
>> it might be that he hasn't accepted the answers provided, in which case he
>> might be "in the rough". That's the chairs' call. But it's not necessarily a simple
>> matter of saying that one person disagrees therefore we can move on.
>> However, I think you know that anyway. :)
>>
>> Peter
>>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth