<div dir="ltr">There are 2000 new vulnerabilities posed by CISA every month. About 15% of those are severe.<div> How is it that you think odif can be in the business of posting mitigations?</div><div><div><a href="https://www.cvedetails.com/vulnerabilities-by-types.php">https://www.cvedetails.com/vulnerabilities-by-types.php</a></div><div>This is why I opposed the addition of attack models to the fapi docs.  Now you are going down the same rathole?</div><div>These mitigations will be obsolete before the std is approved.</div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><span style="background-color:rgb(242,242,242);color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,system-ui,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;font-size:14px;white-space:pre-wrap"> </span>..tom</div></div></div></div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Dec 7, 2022 at 9:39 PM Kristina Yasuda via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">New issue 1750: PKCE and pre-auth code flow in VCI<br>
<a href="https://bitbucket.org/openid/connect/issues/1750/pkce-and-pre-auth-code-flow-in-vci" rel="noreferrer" target="_blank">https://bitbucket.org/openid/connect/issues/1750/pkce-and-pre-auth-code-flow-in-vci</a><br>
<br>
Kristina Yasuda:<br>
<br>
\(following[ Joseph’s comment](<a href="https://bitbucket.org/openid/connect/pull-requests/372#comment-351680555" rel="noreferrer" target="_blank">https://bitbucket.org/openid/connect/pull-requests/372#comment-351680555</a>)\) “I don’t think PKCE can be used with the pre-authorised code flow, we should probably explicitly state that \(and perhaps mention alternative mitigations\).”<br>
<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote></div>