Re: [OAUTH-WG] Shepherd review of draft-ietf-oauth-v2-threatmodel
Barry Leiba <barryleiba@computer.org> Fri, 27 April 2012 01:31 UTC
Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B18811E8097 for <oauth@ietfa.amsl.com>; Thu, 26 Apr 2012 18:31:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.962
X-Spam-Level:
X-Spam-Status: No, score=-102.962 tagged_above=-999 required=5 tests=[AWL=0.015, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cNJ+vn06GQ46 for <oauth@ietfa.amsl.com>; Thu, 26 Apr 2012 18:31:30 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 1B06811E8096 for <oauth@ietf.org>; Thu, 26 Apr 2012 18:31:30 -0700 (PDT)
Received: by yhkk25 with SMTP id k25so149605yhk.31 for <oauth@ietf.org>; Thu, 26 Apr 2012 18:31:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=UMHXn29dMPhgu/9i81AtBwc76snQyMJFPrdofP6TS5w=; b=DSlqvvqALbb9GSDihCE2G4hG4HbgPzMKH+xKupS/GkmrSXnGMCCVXsQKN1CPQjXw1A sP3cje4z6tiBKSQRcePEreNzBWotoAzNsavnEA6nCN+F97kbSBAHSZpkU16y5AxWdBsz DLm35sxcG0sT+Hv8nyKWeG/U3Lnk8+7hcseFWiUYOtxkx5iaDhmQ8jRR5Ulj/XWFlWng X+PwhgcLbO9QSRI1g4k3/jY+dLR1DZF+b0ob7HjNxOLmocYlDalhxzSX0BWBNVWPfmmz zMbDjVfN/AYmpOv6pazkOtV414/30ofCnk5wWv8WwSBV2lnyOkK1haCBc+9S5hnRhgyH 5Wlw==
MIME-Version: 1.0
Received: by 10.236.154.35 with SMTP id g23mr8963608yhk.107.1335490289607; Thu, 26 Apr 2012 18:31:29 -0700 (PDT)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.147.152.14 with HTTP; Thu, 26 Apr 2012 18:31:29 -0700 (PDT)
In-Reply-To: <CAC4RtVAD3NVm8vcSNJvpYPU0meFh9tbN6dXqBS5XbHRKagCfwA@mail.gmail.com>
References: <CALaySJLy6jpuPqxQXfKfpx0TpcK1gav1NtcTOoh+NOr11JSCbw@mail.gmail.com> <4F8DE789.4030704@mtcc.com> <CALaySJK1ej_HkP5Jz26XT-KjULirD2iFfVOpRkHgPZp-CbJCrg@mail.gmail.com> <4F957EA7.3060004@mtcc.com> <OF3ECF645E.478720A4-ON802579EA.002D0B13-802579EA.002D8D07@ie.ibm.com> <4F96A99F.7010303@mtcc.com> <85556C53-99DD-47A2-A0D5-2F86DD2B668F@oracle.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2FFC41C@P3PWEX2MB008.ex2.secureserver.net> <580607FC-28EC-4BBA-8CBA-C63D2FA52C8E@oracle.com> <CAC4RtVAD3NVm8vcSNJvpYPU0meFh9tbN6dXqBS5XbHRKagCfwA@mail.gmail.com>
Date: Thu, 26 Apr 2012 21:31:29 -0400
X-Google-Sender-Auth: 9wpLbvLdhO4h2LxRPGhYvx0tEGk
Message-ID: <CAC4RtVCBBTqFWkOOuACsiUz7YdCGD4FnpeR7wySL-J_GAxJ==g@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: oauth@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Subject: Re: [OAUTH-WG] Shepherd review of draft-ietf-oauth-v2-threatmodel
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Apr 2012 01:31:30 -0000
Oh, and sorry... > threats document should be addressing that "overselling" problem[1], > and if that means highlighting a few things that we think should be > obvious, I'm in favour of it. ...I forgot to include the footnote. Barry [1] Note that I'm NOT saying that the WG is overselling OAuth, but that any technology like this gets oversold in the press, by implementors who want to make its support part of a sales pitch, and by general word of mouth/blog/twit.
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Michael Thomas
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Mark Mcgloin
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Michael Thomas
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Mark Mcgloin
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Phil Hunt
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Michael Thomas
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Eran Hammer
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Michael Thomas
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Peter Saint-Andre
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Derek Atkins
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Phil Hunt
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Michael Thomas
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Eran Hammer
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Eran Hammer
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Barry Leiba
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Peter Saint-Andre
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Michael Thomas
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Mark Mcgloin
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Derek Atkins
- Re: [OAUTH-WG] Shepherd review of draft-ietf-oaut… Barry Leiba