IETF Logo Mail Archive

Re: [OAUTH-WG] problem statement

Aiden Bell <aiden449@gmail.com> Wed, 07 September 2011 19:22 UTC

Return-Path: <aiden449@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 146A321F8B28 for <oauth@ietfa.amsl.com>; Wed, 7 Sep 2011 12:22:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.3
X-Spam-Level:
X-Spam-Status: No, score=-3.3 tagged_above=-999 required=5 tests=[AWL=0.298, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X+FWOswu40VK for <oauth@ietfa.amsl.com>; Wed, 7 Sep 2011 12:22:01 -0700 (PDT)
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com [209.85.216.179]) by ietfa.amsl.com (Postfix) with ESMTP id E43CB21F8B16 for <oauth@ietf.org>; Wed, 7 Sep 2011 12:22:00 -0700 (PDT)
Received: by qyk35 with SMTP id 35so4854985qyk.10 for <oauth@ietf.org>; Wed, 07 Sep 2011 12:23:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=xQn+oc5U0blMbznTmRTmeGjBp0K+tVaCxq1trxDn7aM=; b=MdWOB2uNaMK29E3BS8HH0dn5dRSYA4IHFrAgxwXjiH/25GAblfp9C+GNBUTzbAxVSh z/bDNkEz1EbtjmGeD0C+yW6Wb95HlsPa4vqOfBCbyBepCtkuAjOEp1NbYucovnLGON29 IoVuMXdfu9/Zuq8k1eDZf4hz9V/NqY8qSeqCA=
MIME-Version: 1.0
Received: by 10.229.71.161 with SMTP id h33mr5063535qcj.276.1315423430630; Wed, 07 Sep 2011 12:23:50 -0700 (PDT)
Received: by 10.229.249.71 with HTTP; Wed, 7 Sep 2011 12:23:50 -0700 (PDT)
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E7234518A4F274E@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <4E665B25.6090709@mtcc.com> <4E6661FA.7050804@alcatel-lucent.com> <CD0B1909-8298-4CC3-B273-7B26E71EAB31@hueniverse.com> <4E666512.7010701@mtcc.com> <F4839FCD-CA73-4450-AD12-E07D46BB7746@hueniverse.com> <4E6667D1.3080404@mtcc.com> <1315334677.26387.YahooMailNeo@web31809.mail.mud.yahoo.com> <4E666B65.30701@mtcc.com> <29815937-0FB9-463B-B6E4-8FCAF7B3CD8C@hueniverse.com> <4E666E73.3050502@mtcc.com> <CAMrm-MJHKTxaj1iEm_Lr=X92sOiWZcYN4F6dNqb5w5gh4OPndQ@mail.gmail.com> <4E6671FA.3090503@gmail.com> <4E667469.2040007@mtcc.com> <1315337809.3136.38.camel@ground> <4E667953.9020906@mtcc.com> <71A460EE-1E2C-4165-99A8-5A97D6E9365C@jkemp.net> <4E667E2E.7090304@mtcc.com> <80A88920-A1EF-4A1C-A97E-F99379923CFB@jkemp.net> <4E66845E.7090906@mtcc.com> <E3DEC4C8-6BB0-44EE-821A-7589F5DC6462@jkemp.net> <4E669D3C.5000900@gmail.com> <7D4DF72E-B211-4D41-B447-4CF04E9CB1D8@hueniverse.com> <4E67A710.9070505@alcatel-lucent.com> <4E67A942.1070200@mtcc.com> <90C41DD21FB7C64BB94121FBBC2E7234518A4F274E@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Wed, 07 Sep 2011 20:23:50 +0100
Message-ID: <CA+5SmTXonD3g8hqaL=Hz2bCVrW9LazUR14J5qYQ_uiiSP7f_MQ@mail.gmail.com>
From: Aiden Bell <aiden449@gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Content-Type: multipart/alternative; boundary="0016e65058104fdbad04ac5ee283"
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] problem statement
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Sep 2011 19:22:02 -0000

I'm gonna ditch the (lengthy) reply I was drafting and agree with the below.

Personally, my communication with the OAuth WG has been spot on. Warm
welcome, open minds
and a very good process to getting my requirements/concerns heard and
pragmatic change enacted.

All I saw here was foot stomping and a counter-productive approach to
communicating by those
not getting their way.

On 7 September 2011 20:12, Eran Hammer-Lahav <eran@hueniverse.com> wrote:

> Michael,
>
> I suggest you go back and read the entire thread again:
>
> http://www.ietf.org/mail-archive/web/oauth/current/maillist.html
>
> I don't think you have been listening to the 11 (!) people who all
> completely disagree with you and dismiss your suggestions (on technical
> grounds). The one person who supported your plea didn't actually make any
> technical contribution.
>
> If anyone wants to make accusations about behaving like adults, that should
> be the 11 people who tried to explain why you are simply wrong and were
> completely ignored by you. Any perceived hostility is easily justified by
> having to explain the same thing over and over again to someone who refuses
> to list and insists on labeling this work as lacking and insecure. We take
> real security pretty seriously here.
>
> You asked a question as someone "very new to thinking about this problem
> space" and was answered by experts. The fact that you refuse to accept their
> answers is while being , at this point, your problem. You were given
> multiple opportunities to present an alternative text and technical
> justification to support it, but refused to do so.
>
> You might not like my tone, but I consider making a statement like this:
>
> > In fact, you guys have convinced me that OAuth gives inferior protection
> at
> > considerable expense for all concerned.
>
> an irresponsible and serious offense - the kind of baseless FUD that can
> cause real damage to important work.
>
> EHL
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>



-- 
------------------------------------------------------------------
Never send sensitive or private information via email unless it is
encrypted. http://www.gnupg.org

v2.23.0 | Report a Bug | By Email