SECDIR Review: Section 10.4 - Clearer statement on the lack of endpoint identifiers needed

Issue #31 resolved
Nat Sakimura repo owner created an issue

This section ends with the statement “An extension specification should be created.” Presumably the intent here is to suggest that an extension is needed to remedy the vulnerability resulting from the lack of explicit endpoint identifiers. This should be more clearly stated.

Comments (3)

  1. Nat Sakimura reporter

    We know some of the vulnerabilities pointed out would not have happened if it were done. They were fixed another way though. The sentence is pointing out that it is likely that there are other vulnerabilities that we do not know right now unless we do this. It is of a precautionary nature.

    Perhaps changing the sentence like the following would work?

    An extension specification should be created as a preventive measure to address
    vulnerabilities that have not yet been identified.
    