Re: [OAUTH-WG] problem statement

Eran Hammer-Lahav <eran@hueniverse.com> Wed, 07 September 2011 19:13 UTC

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Michael Thomas <mike@mtcc.com>
Date: Wed, 07 Sep 2011 12:12:54 -0700
Cc: "oauth@ietf.org" <oauth@ietf.org>

Michael,

I suggest you go back and read the entire thread again:

http://www.ietf.org/mail-archive/web/oauth/current/maillist.html

I don't think you have been listening to the 11 (!) people who all completely disagree with you and dismiss your suggestions (on technical grounds). The one person who supported your plea didn't actually make any technical contribution.

If anyone wants to make accusations about behaving like adults, that should be the 11 people who tried to explain why you are simply wrong and were completely ignored by you. Any perceived hostility is easily justified by having to explain the same thing over and over again to someone who refuses to listen and insists on labeling this work as lacking and insecure. We take real security pretty seriously here.

You asked a question as someone "very new to thinking about this problem space" and were answered by experts. The fact that you refuse to accept their answers is while being, at this point, your problem. You were given multiple opportunities to present an alternative text and technical justification to support it, but refused to do so.
 
You might not like my tone, but I consider making a statement like this:

> In fact, you guys have convinced me that OAuth gives inferior protection at
> considerable expense for all concerned.

an irresponsible and serious offense - the kind of baseless FUD that can cause real damage to important work.

EHL