- From: Carsten Bormann <cabo@tzi.org>
- Date: Thu, 18 Apr 2013 07:54:11 +0200
- To: "David I. Lehn" <dil@lehn.org>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, Web Payments CG <public-webpayments@w3.org>, ietf-http-wg@w3.org
On Apr 18, 2013, at 02:22, "David I. Lehn" <dil@lehn.org> wrote: > if you find security issues Wrong question. A security spec is worthless if it doesn't establish useful security properties. The spec needs a good look from people with more security mojo. (Or maybe it can simply be replaced by one of the more learned attempts under discussion, see http://www.ietf.org/proceedings/85/minutes/minutes-85-httpauth http://www.ietf.org/proceedings/86/minutes/minutes-86-httpauth for some links.) *Then* you can look at whether you have implemented it correctly. Grüße, Carsten
Received on Thursday, 18 April 2013 05:54:47 UTC