[Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

Alexey Melnikov <alexey.melnikov@isode.com> Tue, 17 July 2012 11:03 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50A8A21F8669; Tue, 17 Jul 2012 04:03:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.968
X-Spam-Level:
X-Spam-Status: No, score=-102.968 tagged_above=-999 required=5 tests=[AWL=-0.369, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wa6Oo756JizT; Tue, 17 Jul 2012 04:03:49 -0700 (PDT)
Received: from waldorf.isode.com (cl-125.lon-03.gb.sixxs.net [IPv6:2a00:14f0:e000:7c::2]) by ietfa.amsl.com (Postfix) with ESMTP id 955DF21F866E; Tue, 17 Jul 2012 04:03:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1342523110; d=isode.com; s=selector; i=@isode.com; bh=0xR9BM5UhMk50togy3sX1tAAxFSuGkqrTBzKVJL4JS4=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=bYw5R9vQ/m2hBQawIcAOtUMXVOG+VVEFKD/hr0U3rBlM2UV2HzoLSAWyywY98VXlmMyZdq //cfWdoFGFph+cFUthEeYlSdPSyytFeP84xMusEkRFobS0bezcOWFk+CR1dcEDtufVjADl K4cUrgK++uvz29xse3IRidHHfq1cIqg=;
Received: from [172.16.1.29] (shiny.isode.com [62.3.217.250]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <UAVG5gAkRCu9@waldorf.isode.com>; Tue, 17 Jul 2012 12:05:10 +0100
X-SMTP-Protocol-Errors: PIPELINING
Message-ID: <500546C5.6080102@isode.com>
Date: Tue, 17 Jul 2012 12:04:38 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
To: "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com>
In-Reply-To: <4F843DA1.8080703@isode.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: General Area Review Team <gen-art@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, The IESG <iesg@ietf.org>
Subject: [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2012 11:03:50 -0000

I am still Ok with -22, but I have 1 new comment raised by introduction 
of the base64 ABNF non terminal:

I think it would be worth adding a comment for b64token that points to 
the base64 RFC. The current ABNF is too permissive (arbitrary number of 
"=" allowed at the end) and there are enough broken base64 parsers 
around (parsers that ignore everything after a "=", parsers that support 
arbitrary number of "=" at the end, etc.), so we shouldn't encourage 
creation of new ones.