[OAUTH-WG] Please review security document section 5

Torsten Lodderstedt <torsten@lodderstedt.net> Fri, 29 July 2011 13:15 UTC

Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 03C3321F84C8 for <oauth@ietfa.amsl.com>; Fri, 29 Jul 2011 06:15:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.131
X-Spam-Status: No, score=-2.131 tagged_above=-999 required=5 tests=[AWL=0.118, BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id gYWNg5b0DEXz for <oauth@ietfa.amsl.com>; Fri, 29 Jul 2011 06:15:31 -0700 (PDT)
Received: from smtprelay05.ispgateway.de (smtprelay05.ispgateway.de []) by ietfa.amsl.com (Postfix) with ESMTP id 7789021F84BF for <oauth@ietf.org>; Fri, 29 Jul 2011 06:15:31 -0700 (PDT)
Received: from [] by smtprelay05.ispgateway.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from <torsten@lodderstedt.net>) id 1QmmuX-0001aX-Ey for oauth@ietf.org; Fri, 29 Jul 2011 15:15:29 +0200
Message-ID: <4E32B270.8070109@lodderstedt.net>
Date: Fri, 29 Jul 2011 09:15:28 -0400
From: Torsten Lodderstedt <torsten@lodderstedt.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: OAuth WG <oauth@ietf.org>
Content-Type: text/plain; charset="ISO-8859-15"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Df-Sender: torsten@lodderstedt-online.de
Subject: [OAUTH-WG] Please review security document section 5
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2011 13:15:32 -0000

Hi all,

we would like to bring this document forward as an informational RFC and 
would like to put it on WGLC soon. In preparation we plan to publish 
another revision. Although we got considerable feedback so far, we feel 
that especially section 5 could benefit from additional reviews.

So we ask you to give 
http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-00 a read and 
post comments to the list.

thanks in advance,