[That is some cc list! Do you really need a cc list that large for this thread? I've set the reply-to to just oauth@xxxxxxxx (note: I'm NOT subscribed to that list). Please honor the reply-to header. It's a good idea to set reply-to when making announcements, so that replies don't flood people who are almost certainly not interested.]

On Tue, Nov 09, 2010 at 08:07:56AM +0000, torsten@xxxxxxxxxxxxxxx wrote:
> We think the security considerations should be based on a threat model
> of OAuth. But a complete threat model would blow up the spec.

Really? I would think that a threat model for OAuth could be described fairly briefly. What is the typical value of resources protected by OAuth? What kinds of attackers (active, passive, ...) does OAuth aim to defeat, and under what assumptions (end-points are secure, trusted third parties are trustworthy, certain cryptographic algorithms are not broken with parameters in certain ranges, smartcards are secure, ...)? Which kinds of attacks does OAuth explicitly not protect against (e.g., DoS)? What resources do you expect attackers to apply to compromising resources protected by OAuth?

A few pages should do for the threat model. An abstract of the OAuth threat model should also be possible to write.

> We therefore aim to produce a separate security document
> (informational I-D/RFC) covering threat model as well as security
> design and considerations. The security considerations section of the
> core spec can then be distilled from this document.

Sure. Procedurally speaking, that works.

Nico
--
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf