Re: New Non-WG Mailing List: Oauth-security-reports -- Information about security vulnerabilities concerning the OAuth specifications and OAuth implementations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11 Jan 2016, at 12:11, IETF Secretariat wrote:
A new IETF non-working group email list has been created.

List address: oauth-security-reports@xxxxxxxx
Archive: https://mailarchive.ietf.org/arch/search/?email_list=oauth-security-reports To subscribe: https://www.ietf.org/mailman/listinfo/oauth-security-reports
[...]
This list was created to allow security researchers and other parties to submitting information related to discovered security vulnerabilities concerning the OAuth specifications and OAuth implementations.

Seeing that and reading the full description both in the provided "Purpose" section as well as in the "About" on the mailing-list signup page, I had the following comments/questions:

. The text explicitly says confidentiality is a goal, but seemingly invites membership subscription requests,

. The (currently empty) archives look to be publicly readable,

. If the list is to be open (both to subscriptions and archive viewing), should the description be amended?

. If the description indicates the list is indended to be closed but advertised as a place to blindly send reports, should the list configs and archive access be modified and is there a list of who the final recipients might be or a page with expected turn-around time or consequences?


Curious,
Philip




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]