Changes
Updates to text and diagrams to provide additional clarity based on IETF Last Call feedback
Details
- Clarify exploitation of unauthenticated channel in OAuth by @PieterKas in #206
- Enhance limitations section with VPN guidance by @PieterKas in #205
- Clarify limitations of short-lived user codes by @PieterKas in #204
- Enhance document with glossary reference and CDCP details by @PieterKas in #209
- Eliminate duplicate patterns in cross-device security document by @PieterKas in #220
- Update User-Transferred Authorization Data Pattern details by @PieterKas in #221
- Enhance security discussion on authorization requests by @PieterKas in #222
- Clarify cross-device flow use cases and descriptions by @PieterKas in #223
- Refine mitigations and proximity establishment details by @PieterKas in #224
- Clarify limitations of trusted devices in cross-device flows by @PieterKas in #225
- Forward reference to FIDO in wireless proximity section by @PieterKas in #226
- Editorial updates by @PieterKas in #227
- Clarify Authenticate-then-Initiate mitigation by @PieterKas in #228
- Update Diagrams: 1 of 4 by @PieterKas in #229
- Update Diagram 2 of 4 by @PieterKas in #230
- Update Diagram 3 of 4 by @PieterKas in #233
- Update Diagram 4 of 4 by @PieterKas in #234
- Writing Nits by @PieterKas in #235
- Cross references between use case and exploit examples by @PieterKas in #236
Full Changelog: draft-ietf-oauth-cross-device-security-13...draft-ietf-oauth-cross-device-security-14