From 924add83d49fb0663208f971c143223a0773e9c0 Mon Sep 17 00:00:00 2001
From: David Recordon <davidrecordon@davidrecordon.local>
Date: Fri, 19 Mar 2010 11:27:05 -0700
Subject: [PATCH] Security considerations update

---
 OAuth2.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/OAuth2.xml b/OAuth2.xml
index a9e841e..10f217f 100644
--- a/OAuth2.xml
+++ b/OAuth2.xml
@@ -667,7 +667,7 @@ oauth_client_identifier=s6BhdRkqt3&oauth_client_secret=8eSEIpnqmM&oauth_refresh_
         </section>
 
         <section title="Security Considerations">
-            <t>TODO: I'm the wrong person to write this section.</t>
+            <t>TODO: David is the wrong person to write this section. Should definitely cover why device profiles don't have client secrets (hard to trust them to keep secrets and will probabally use custom ways to auth based on the device and if it has TPM.)</t>
         </section>
     </middle>