Re: [OAUTH-WG] Barry Leiba's Discuss on draft-ietf-oauth-spop-12: (with DISCUSS and COMMENT)

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 11 June 2015 20:06 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A1E31B311E; Thu, 11 Jun 2015 13:06:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GvYdQAb1Zrao; Thu, 11 Jun 2015 13:06:17 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B7201B311C; Thu, 11 Jun 2015 13:06:16 -0700 (PDT)
Received: from [192.168.10.236] ([12.217.69.145]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0M9eHT-1YtTYZ25k7-00CygM; Thu, 11 Jun 2015 22:06:13 +0200
Message-ID: <5579EA2F.5020404@gmx.net>
Date: Thu, 11 Jun 2015 22:06:07 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Barry Leiba <barryleiba@computer.org>
References: <20150611184955.1618.38149.idtracker@ietfa.amsl.com> <5579DB31.30807@gmx.net> <CALaySJJKwOVAWHry41khzNg6fDpkW6No2QQsz5PG6amvnNHSaQ@mail.gmail.com> <CALaySJKQYkVjZPDr=4n-+JPdfH2o1DrHRP9c_kLAuJXLLW_ptA@mail.gmail.com>
In-Reply-To: <CALaySJKQYkVjZPDr=4n-+JPdfH2o1DrHRP9c_kLAuJXLLW_ptA@mail.gmail.com>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="sBUu5T65HPnKXQGI3rHUTLuuEHr1Nk698"
X-Provags-ID: V03:K0:t6xbDGfYZwR3FmTXtTKcYh7P7HSsi833Z77VsbhqgCaAdTI+Y9P PjZFEHUnULsB07Tq37f+7/k0+7ZCCW8UuORhYBQqcgJWsuRSPSDeSoITCZ1D582SidHn/eB Q6UKgJg1grxr2Y4Uu0ztTq+eIg2OBGhqnT7rYwe8lWy/TGenQjQR6vwCXBSsBKnWiESNm56 oX9ePF//Gu+DzG1eCMo9w==
X-UI-Out-Filterresults: notjunk:1;V01:K0:AdX+XYNQIT0=:hLxi3tbz9ZPM1XLY2nAVkU Dif+zi4MhCUAnwRhL3l2Pz9ehdn+kYDhYYZYnkjwo9gjHGln0niJua5vTd9dlTNZYYgnkeR73 H9CvmFLghj2df7/7pANaJtf+nGLNep+EnM2dc8/B03u8/nQbEUsfUBmLb3dpVP/RIztYZNGss keoVhZESFLIUTfYI55cGHABCaVka6or960NR4znJuwX2KAiEDkyRjk7zlKF9tTQM086bNmc7T 1gYk9jk8BYB+h+RzPPBVXVFyqpQSDBZrUBHny/HDVoNcE5V8u3H2cH8m4yg/x5++1khwiVAF1 WqS7T8Me7B4rbrWzgMicbFN0e6yUfSr1G+nK50tuT+Afm7Hd/48SemENYatcBr32gLP3uL2RB zb/c/n972Jv5VGzIyCFZ2BFeOpXoS71cV0PjeSeWecEPGMhTKNwg/mMLeSaiTOV2GMlxPR8MO vCbxz3YrrTIIOiXqb+EDF9b2zGORc7h88GHrkRscCU5JoBdoT3ij+1JQHNWtgJ7v4/yLEqBBO uf9/DohgmkaBf8CgHfgK4HjUYkgWyjaswV+TxX27YV/ibJFRrJEN6C6zQR2JUq6/fZku2/qaH ibZzXNo7wm81Fz1PJAcOed3PaiFBS1fd9FknBJI5nP4w4tXyJDfBIf/x6Rp+faCeKFhrQ5InJ FU7T4+AG2pChLQWUj7mtlb+ZWKku4gUvzn5xky8U+Y0lrfg==
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/SR89VlKXf_UXy5WUVlqJOvG5-jc>
Cc: draft-ietf-oauth-spop@ietf.org, oauth WG <oauth@ietf.org>, draft-ietf-oauth-spop.shepherd@ietf.org, The IESG <iesg@ietf.org>, oauth-chairs@ietf.org, draft-ietf-oauth-spop.ad@ietf.org
Subject: Re: [OAUTH-WG] Barry Leiba's Discuss on draft-ietf-oauth-spop-12: (with DISCUSS and COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2015 20:06:18 -0000

Sounds good to me, Barry!

On 06/11/2015 09:10 PM, Barry Leiba wrote:
>> Ah, got it.  Then it would be good for (4) to say that, maybe just by
>> > adding to the end, "This mechanism does not protect again the more
>> > sophisticated attack."  Sound OK?
> That should be "against", of course, not "again".  I hate tupos.