Thank you for your review, Mike!
I created a PR addressing your comments: https://github.com/oauthstuff/draft-ietf-oauth-security-topics/pull/91/files
Please let me know if this looks good to you; I'll then release a new version with these changes.
On 29.04.24 at 03:40, Michael Jones via Datatracker wrote:
There’s a lot of duplicated text between 4.11.2. Authorization Server as Open Redirector and 4.17. Authorization Server Redirecting to Phishing Site. Consider refactoring to eliminate or reduce the duplication.
This was by mistake. The section 4.17 was supposed to be merged
into 4.11.2 since it addresses the same attack. I removed 4.17 in
the new version.
-Daniel
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call