Re: [Gen-art] Genart last call review of draft-ietf-oauth-device-flow-10

William Denniss <wdenniss@google.com> Tue, 31 July 2018 16:07 UTC

In-Reply-To: <CB9FD96F-EED3-4D09-B744-B576052D52CE@cooperw.in>
References: <152873404689.2672.12557627140070509936@ietfa.amsl.com> <c53a8e8f-7873-3c5a-aa6f-3e0a896c9a88@nostrum.com> <CB9FD96F-EED3-4D09-B744-B576052D52CE@cooperw.in>
From: William Denniss <wdenniss@google.com>
Date: Tue, 31 Jul 2018 09:06:38 -0700
Message-ID: <CAAP42hDOcViyK6=faz+azP_E680T3ozS5bOLrjooCy1dKZfg4w@mail.gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Cc: Robert Sparks <rjsparks@nostrum.com>, General Area Review Team <gen-art@ietf.org>, draft-ietf-oauth-device-flow.all@ietf.org, oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/3mWdnglRBVH1qQ8HnGFMreBtlNY>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-oauth-device-flow-10

Thank you Robert and Alissa, we really appreciate your feedback. My
co-authors and I are processing yours and all the feedback received so far.
We'll reply to your points in the coming days.


On Tue, Jul 31, 2018 at 8:58 AM, Alissa Cooper <alissa@cooperw.in> wrote:

> Robert, thanks for your review. I have pointed to it in my No Objection
> ballot.
>
> Alissa
>
> > On Jul 20, 2018, at 1:37 PM, Robert Sparks <rjsparks@nostrum.com> wrote:
> >
> > As far as I can tell, there has been no response to this. The document
> > revision just updated a reference to reflect an RFC having been published.
> >
> > Apologies if I missed a response.
> >
> > RjS
> >
> >
> > On 6/11/18 12:20 PM, Robert Sparks wrote:
> >> Reviewer: Robert Sparks
> >> Review result: Ready with Nits
> >>
> >> I am the assigned Gen-ART reviewer for this draft. The General Area
> >> Review Team (Gen-ART) reviews all IETF documents being processed
> >> by the IESG for the IETF Chair.  Please treat these comments just
> >> like any other last call comments.
> >>
> >> For more information, please see the FAQ at
> >>
> >> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> >>
> >> Document: draft-ietf-oauth-device-flow-10
> >> Reviewer: Robert Sparks
> >> Review Date: 2018-06-11
> >> IETF LC End Date: 2018-06-12
> >> IESG Telechat date: Not scheduled for a telechat
> >>
> >> Summary: Ready for publication as a Proposed Standard RFC, but with
> >> nits to consider
> >>
> >> Nits/editorial comments:
> >>
> >> In 3.5 "the client MUST use a reasonable default polling interval" is not
> >> testable. Who determines "reasonable"? At the very least, you should add some
> >> text about how to determine what "reasonable" is for a given device, and add
> >> some text that says don't poll faster than earlier responses limited you to.
> >> For example, if the response at step B in the introductory diagram had an
> >> explicit interval of 15, but a slow-down response to an E message didn't have
> >> an explicit interval, you don't want them to default to, say, 5 seconds (because
> >> that's what the example in section 3.2 said, so it must be reasonable).
> >>
> >> In 3.3, you say the device_code MUST NOT be displayed or communicated. Is there
> >> a security property that's lost if there is? Or is this just saying "Don't
> >> waste space or the user's time"?
> >>
> >> The last paragraph of section 6.1 feels like a recipe for false positives, and
> >> for bug-entrenched code. Please reconsider it.
> >>
> >> You need line-folding in the example in section 3.2
> >>
> >>
> >> _______________________________________________
> >> Gen-art mailing list
> >> Gen-art@ietf.org
> >> https://www.ietf.org/mailman/listinfo/gen-art
> >
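The polling nit on section 3.5 above (never poll faster than an earlier response limited you to, even when a later slow-down response carries no explicit interval) can be modelled as a small client-side ratchet. The following Python is an added example written for this archive page; it is not code from the draft, from the reviewer, or from the authors. It assumes the device-flow token endpoint error names `authorization_pending` and `slow_down`, a 5-second default interval and a 5-second back-off step per `slow_down` (the values later fixed in RFC 8628, used here as this example's own parameters), and the responses fed to it are constructed.

```python
"""Polling-interval tracking for an OAuth 2.0 device-flow client.

Added example, not part of the draft or the review.  Implements the rule
the Gen-ART nit asks for: the polling interval only ratchets upward, so a
later response that omits 'interval' can never let the client fall back to
a default that is faster than a limit the server already imposed.
"""
from dataclasses import dataclass, field

DEFAULT_INTERVAL = 5   # seconds; assumed default when the server sends none
SLOW_DOWN_STEP = 5     # seconds added per slow_down response (assumption)


@dataclass
class PollingPolicy:
    """Tracks the minimum permitted interval between token-endpoint polls."""
    interval: int = DEFAULT_INTERVAL   # interval the client will wait next
    floor: int = DEFAULT_INTERVAL      # highest interval the server has mandated
    history: list = field(default_factory=list)

    def on_device_authorization(self, response: dict) -> int:
        """Step B: device authorization response, may carry 'interval'."""
        explicit = response.get("interval")
        if explicit is not None:
            self._raise_floor(int(explicit))
        self.history.append(("device_authorization", self.interval))
        return self.interval

    def on_token_response(self, response: dict) -> int:
        """Step E: token endpoint reply while waiting for the user."""
        error = response.get("error")
        explicit = response.get("interval")   # optional; often absent
        if error == "slow_down":
            # Back off from the *current* interval, not from the default,
            # so an earlier explicit interval of 15 becomes 20, never 5.
            self._raise_floor(self.interval + SLOW_DOWN_STEP)
        if explicit is not None:
            self._raise_floor(int(explicit))
        self.history.append((error or "ok", self.interval))
        return self.interval

    def _raise_floor(self, seconds: int) -> None:
        # Monotonic: a new limit can only raise the floor, and the interval
        # the client actually waits is never allowed below that floor.
        self.floor = max(self.floor, seconds)
        self.interval = max(self.interval, self.floor)


def simulate(device_auth: dict, token_responses: list) -> list:
    """Return the interval the client waits after each response in turn."""
    policy = PollingPolicy()
    waits = [policy.on_device_authorization(device_auth)]
    for resp in token_responses:
        waits.append(policy.on_token_response(resp))
    return waits


if __name__ == "__main__":
    # Constructed exchange matching the reviewer's scenario: step B says 15,
    # a later slow_down carries no interval.  The client must not drop to 5.
    print(simulate({"interval": 15},
                   [{"error": "authorization_pending"},
                    {"error": "slow_down"},
                    {"error": "authorization_pending"},
                    {"access_token": "constructed-token"}]))
```

The same ratchet also protects against a server that, through a bug, returns an explicit interval lower than one it sent earlier: the floor keeps the client at the stricter value, which is the conservative direction for rate limiting.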