Thanks for addressing my review comments in -27. We can now change my review status from “Has Issues” to “Ready”. Other SecDir people – how do I change the status of the review in the datatracker?

The only remaining bug I found is typographical. In 4.2.1, the underscore is missing from access_token in "(and potentially access token)". This is true in both the .txt and .html renderings.

-- Mike

From: Daniel Fett <mail@xxxxxxxxxxxxx>

Thank you for your review, Mike! I created a PR addressing your comments:
https://github.com/oauthstuff/draft-ietf-oauth-security-topics/pull/91/files

Please let me know if this looks good to you, I'll then release a new version with these changes.

On 29.04.24 at 03:40, Michael Jones via Datatracker wrote:

There’s a lot of duplicated text between 4.11.2. Authorization Server as Open Redirector and 4.17. Authorization Server Redirecting to Phishing Site. Consider refactoring to eliminate or reduce the duplication.

This was by mistake. The section 4.17 was supposed to be merged into 4.11.2 since it addresses the same attack. I removed 4.17 in the new version.

-Daniel