Re: [OAUTH-WG] problem statement
David Recordon <recordond@gmail.com> Sat, 10 September 2011 17:27 UTC
Return-Path: <recordond@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4323C21F8510 for <oauth@ietfa.amsl.com>; Sat, 10 Sep 2011 10:27:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2M+r1KZ0NnBq for <oauth@ietfa.amsl.com>; Sat, 10 Sep 2011 10:27:09 -0700 (PDT)
Received: from mail-gw0-f42.google.com (mail-gw0-f42.google.com [74.125.83.42]) by ietfa.amsl.com (Postfix) with ESMTP id 9D3BD21F84CF for <oauth@ietf.org>; Sat, 10 Sep 2011 10:27:09 -0700 (PDT)
Received: by gwb17 with SMTP id 17so3261562gwb.15 for <oauth@ietf.org>; Sat, 10 Sep 2011 10:29:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=s64L7Oe8LbDo44hq5vRr23fWGQhxO/QfoL/S+2yQxPQ=; b=lPxaQoGpqJttwDClzM7g5xnogHnfdb74ObEiED2PBj9b6JWJQVDony6gyD2O6zzsok n5KA4LFWQiStYKPQiwpQRrsOPsvKh9FfBPFAA449Tr67e/gqravemtTwfb1PKAxktR+F 5j4HAs00aS8CQy9TkyfiOPxutLiqMl6Z2mvgg=
MIME-Version: 1.0
Received: by 10.42.134.130 with SMTP id l2mr440467ict.399.1315675745811; Sat, 10 Sep 2011 10:29:05 -0700 (PDT)
Received: by 10.231.14.9 with HTTP; Sat, 10 Sep 2011 10:29:05 -0700 (PDT)
In-Reply-To: <4E68147E.8000300@mtcc.com>
References: <4E665B25.6090709@mtcc.com> <4E666B65.30701@mtcc.com> <29815937-0FB9-463B-B6E4-8FCAF7B3CD8C@hueniverse.com> <4E666E73.3050502@mtcc.com> <CAMrm-MJHKTxaj1iEm_Lr=X92sOiWZcYN4F6dNqb5w5gh4OPndQ@mail.gmail.com> <4E6671FA.3090503@gmail.com> <4E667469.2040007@mtcc.com> <1315337809.3136.38.camel@ground> <4E667953.9020906@mtcc.com> <71A460EE-1E2C-4165-99A8-5A97D6E9365C@jkemp.net> <4E667E2E.7090304@mtcc.com> <80A88920-A1EF-4A1C-A97E-F99379923CFB@jkemp.net> <4E66845E.7090906@mtcc.com> <E3DEC4C8-6BB0-44EE-821A-7589F5DC6462@jkemp.net> <4E669D3C.5000900@gmail.com> <7D4DF72E-B211-4D41-B447-4CF04E9CB1D8@hueniverse.com> <4E67A710.9070505@alcatel-lucent.com> <4E67A942.1070200@mtcc.com> <90C41DD21FB7C64BB94121FBBC2E7234518A4F274E@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4E67C501.3060001@mtcc.com> <4E67C893.5060505@mtcc.com> <4E67D149.8080200@mtcc.com> <D02EDDCE-4498-4B75-9C5F-340A439F0190@niven-jenkins.co.uk> <4E68147E.8000300@mtcc.com>
Date: Sat, 10 Sep 2011 10:29:05 -0700
Message-ID: <CAB_mRgPDiZU9uN-XJmKUPkU11BWwb2wbnmZNmsw2y3EnJSPeBA@mail.gmail.com>
From: David Recordon <recordond@gmail.com>
To: Michael Thomas <mike@mtcc.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] problem statement
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Sep 2011 17:27:10 -0000
Hey Mike, I think this has been said a few times by Eran and Peter but you really need to propose actual sentences that you want to see included in the specification at this point. Saying "I think it should be clearly explained" isn't actionable text. That said, I strongly don't believe this is an issue specific to OAuth. --David On Wed, Sep 7, 2011 at 6:03 PM, Michael Thomas <mike@mtcc.com> wrote: > On 09/07/2011 05:19 PM, Ben Niven-Jenkins wrote: >> >> Your original e-mail that started this thread was not targeted at a >> specific document and my interpretation is that some of the hostility you >> have experienced is due to a frustration that your request is seen as a >> potential obstacle to getting the protocol specification out the door >> because the issue you want to discuss is not directly related to how a >> developer might implement the protocol. >> > > I had no idea where in the ietf process the protocol document is. I'm > still not sure whether it's been through wg last call, ietf last call, etc. > >> If I may be so bold, could I suggest that you propose some text that >> articulates the issue that you would like to see documented and then the >> group can assess that text on its merits and try to reach consensus on which >> document, if any, it is best placed to reside within. >> > > Basically, in the protocol document's introduction I think it should > be clearly explained that the UA functionality is expected to be "trusted", > ie not be under the control of a potential attacker. I think that for the > uninitiated that is anything but obvious. There has been a sea-change > since 2007 making this an important point. Had that been in the > introduction, we would not be having this conversation. > > Mike > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- Re: [OAUTH-WG] problem statement Paul Madsen
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement John Kemp
- Re: [OAUTH-WG] problem statement Michael Thomas
- [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Igor Faynberg
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement William Mills
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement William Mills
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Justin Richer
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Jill Burrows
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Aiden Bell
- Re: [OAUTH-WG] problem statement Melinda Shore
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Aiden Bell
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Justin Richer
- Re: [OAUTH-WG] problem statement Igor Faynberg
- Re: [OAUTH-WG] problem statement Igor Faynberg
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Igor Faynberg
- Re: [OAUTH-WG] problem statement John Kemp
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement John Kemp
- Re: [OAUTH-WG] problem statement William Mills
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement John Kemp
- Re: [OAUTH-WG] problem statement Melinda Shore
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Aiden Bell
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Melinda Shore
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Peter Saint-Andre
- Re: [OAUTH-WG] problem statement Melinda Shore
- Re: [OAUTH-WG] problem statement Peter Saint-Andre
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Peter Saint-Andre
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement William Mills
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Manger, James H
- Re: [OAUTH-WG] problem statement Justin Richer
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Igor Faynberg
- Re: [OAUTH-WG] problem statement John Kemp
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Igor Faynberg
- Re: [OAUTH-WG] problem statement David Waite
- Re: [OAUTH-WG] problem statement Phil Hunt
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Melinda Shore
- Re: [OAUTH-WG] problem statement Peter Saint-Andre
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Aiden Bell
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Aiden Bell
- Re: [OAUTH-WG] problem statement Peter Saint-Andre
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Eran Hammer-Lahav
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement Melinda Shore
- Re: [OAUTH-WG] problem statement Ben Niven-Jenkins
- Re: [OAUTH-WG] problem statement Michael Thomas
- Re: [OAUTH-WG] problem statement David Recordon
- Re: [OAUTH-WG] problem statement Thomas Hardjono
- Re: [OAUTH-WG] problem statement Phil Hunt