Re: [OAUTH-WG] problem statement

Aiden Bell <aiden449@gmail.com> Tue, 06 September 2011 23:10 UTC

From: Aiden Bell <aiden449@gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>, OAuth WG <oauth@ietf.org>

Perhaps a solution is to push OAuth.net as more of an "everything you
ever wanted to know about OAuth" and direct non-core issues there for a
page of good content to be created. This way the RFC can focus on the
issue at hand and broader scope can be taken care of without having a
40+ thread on something like this.

Developers can still have a voice on these things, even if it isn't directly
through the RFC.

I feel strongly enough that I would be willing to help here. Let me know
if I can be of any assistance in having these things dealt with more
appropriately through something like that.

Aiden

On 6 September 2011 23:27, Eran Hammer-Lahav <eran@hueniverse.com> wrote:

> It is a problem. For a few months now we have been going through this over
> and over again. The longer we work on this draft the more of these
> two-sentence changes people suggest. They don't make the document any
> better, create a false sense of comprehensiveness, and just further delay
> being done.
>
> So yeah, unless you can prove that there is an actual problem, we are done.
>
> EHL
>
> On Sep 6, 2011, at 15:22, "Melinda Shore" <melinda.shore@gmail.com> wrote:
>
> > On 09/06/2011 12:59 PM, John Kemp wrote:
> >> The point is that you have a point.
> >
> > He does, and that's in some large part why I don't
> > fully understand the temperature of the responses.
> > I do not think it's a particularly big deal to stick
> > a couple of sentences in the security considerations
> > underscoring the fact that OAUTH can't do anything
> > about a compromised host or a malicious application.
> > I've learned to live with the fact that sometimes
> > people implementing or deploying security technologies
> > don't fully understand them and it's my impression that
> > there's some number of people out there who think that
> > OAUTH and other third-party protocols provide sufficient
> > protection against password snagging.
> >
> > Melinda
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth



-- 
------------------------------------------------------------------
Never send sensitive or private information via email unless it is
encrypted. http://www.gnupg.org