On 06-Jul-23 04:52, Keith Moore wrote:
On 7/5/23 07:03, Roman Danyliw wrote:
RFC8252/OAuth is the product of a robust and very active WG which has all of the supporting processes to discuss the work. Please use the associated mailing list for OAuth to discuss OAuth related technologies -- https://www.ietf.org/mailman/listinfo/oauth.
The point is that Oauth is inadequate. We need something different.
I read the point as being that (in Michael's opinion) the IESG didn't do its job when reviewing RFC8252. That seems like a valid topic for this list, although of course it is years too late and an appeal at the time the draft was approved would have been the only recourse available.
I do agree that any actual *action* such as a draft replacing RFC8252 or proposing a new auth mechanism belongs elsewhere.
Brian Carpenter
