Re: [OAUTH-WG] Issue 16, revised Redirection URI section (3.1.2)

Eran Hammer-Lahav <eran@hueniverse.com> Mon, 25 July 2011 22:20 UTC

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Date: Mon, 25 Jul 2011 15:20:07 -0700
Cc: OAuth WG <oauth@ietf.org>

Since these issues are covered in the security section, I think it is enough to simply stress the importance of using TLS for the redirection endpoint and leave the more detailed analysis for later in the document.

But if you want to propose new text, I'm open to it.

EHL

> -----Original Message-----
> From: Torsten Lodderstedt [mailto:torsten@lodderstedt.net]
> Sent: Monday, July 25, 2011 10:27 AM
> To: Eran Hammer-Lahav
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] Issue 16, revised Redirection URI section (3.1.2)
> 
> Hi Eran,
> 
> >> Regarding this particular section: I think the two different issues
> >> (transport security and endpoint authenticity) should be presented
> >> separately.
> > Which section?
> 
> 3.1.2.1.
> 
> regards,
> Torsten.
> 
> > EHL