Re: [OAUTH-WG] Looking for a compromise on signatures and other open issues

Peter Saint-Andre <> Tue, 28 September 2010 19:57 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 238193A6DEF for <>; Tue, 28 Sep 2010 12:57:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.534
X-Spam-Status: No, score=-102.534 tagged_above=-999 required=5 tests=[AWL=0.065, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vvwPc1oXszT4 for <>; Tue, 28 Sep 2010 12:57:51 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id F0C633A6E2A for <>; Tue, 28 Sep 2010 12:57:50 -0700 (PDT)
Received: from ( []) (Authenticated sender: stpeter) by (Postfix) with ESMTPSA id DDC87400EE for <>; Tue, 28 Sep 2010 14:03:59 -0600 (MDT)
Message-ID: <>
Date: Tue, 28 Sep 2010 13:58:30 -0600
From: Peter Saint-Andre <>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv: Gecko/20100914 Thunderbird/3.0.8
MIME-Version: 1.0
References: <90C41DD21FB7C64BB94121FBBC2E72343D460DB5BE@P3PW5EX1MB01.EX1.SECURESERVER.NET>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E72343D460DB5BE@P3PW5EX1MB01.EX1.SECURESERVER.NET>
X-Enigmail-Version: 1.0.1
OpenPGP: url=
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [OAUTH-WG] Looking for a compromise on signatures and other open issues
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 28 Sep 2010 19:57:52 -0000

On 9/28/10 12:25 AM, Eran Hammer-Lahav wrote:
> (Please take a break from the other threads and read this with an open
> mind. I have tried to make this both informative and balanced.)
> --- IETF Process
> For those unfamiliar with the IETF process, we operate using rough
> consensus. This means most people agree and no one strongly objects. If
> someone strongly objects, it takes a very unified group to ignore that
> person, with full documentation of why the group chose to do so. That
> person can raise the issue again during working group last call, area
> director review, and IETF last call - each has the potential to trigger
> another round of discussions with a wider audience. That person can also
> appeal the working group decision before it is approved as an RFC.

To clarify, "rough consensus" does not mean "unanimity" and it does not
mean "one vocal person can launch their own personal DoS against the
WG". The chairs (and if necessary the sponsoring AD) do have tools at
their disposal for declaring consensus.

That said, I think your proposal is a reasonable compromise for how to
move this WG forward.


Peter Saint-Andre