Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-14.txt

William Denniss <wdenniss@google.com> Wed, 08 July 2015 05:52 UTC

From: William Denniss <wdenniss@google.com>
Date: Tue, 7 Jul 2015 22:51:49 -0700
Message-ID: <CAAP42hDMH9gc97aa3-hjrLuRyFsc3j8tmSwDee-oJvMn4dxsAg@mail.gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/1iu_v9YM635grG7vv9ERfLk84LA>
Cc: "oauth@ietf.org" <oauth@ietf.org>

t_m works for me, I just think we should have some indication that it's
the name of the transform. Will you also update where it is referenced in
the description below Figure 2?



On Tue, Jul 7, 2015 at 6:28 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:

> Thanks, I fixed my finger dyslexia for the next draft.
>
> I changed it to t_m rather than “t”; I think that is clearer.  If I were
> to do it the other way XML2RFC would have double quotes in the text version.
>
> John B.
>
> On Jul 7, 2015, at 9:38 PM, William Denniss <wdenniss@google.com> wrote:
>
> In version 14, there's a typo on this line ("deso") in Section 7.2:
>
> `"plain" method deso not protect`
>
> Also, in the 1.1 Protocol Flow diagram, regarding the text:
>
> `+ t(code_verifier), t`
>
> I wonder if it makes more sense to represent as `+ t(code_verifier), "t"`
> (note the quotes on the second 't') given that it's a string representation
> of the method that's being sent?
>
>
> On Mon, Jul 6, 2015 at 4:05 PM, <internet-drafts@ietf.org> wrote:
>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>  This draft is a work item of the Web Authorization Protocol Working
>> Group of the IETF.
>>
>>         Title           : Proof Key for Code Exchange by OAuth Public Clients
>>         Authors         : Nat Sakimura
>>                           John Bradley
>>                           Naveen Agarwal
>>         Filename        : draft-ietf-oauth-spop-14.txt
>>         Pages           : 20
>>         Date            : 2015-07-06
>>
>> Abstract:
>>    OAuth 2.0 public clients utilizing the Authorization Code Grant are
>>    susceptible to the authorization code interception attack.  This
>>    specification describes the attack as well as a technique to mitigate
>>    against the threat through the use of Proof Key for Code Exchange
>>    (PKCE, pronounced "pixy").
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
>>
>> There's also a htmlized version available at:
>> https://tools.ietf.org/html/draft-ietf-oauth-spop-14
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-spop-14
>>
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
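Added example, not part of the thread or the draft's text: a minimal sketch of the `t(code_verifier), t_m` exchange discussed above, showing that the transform name travels as a string and that the server dispatches on it. The parameter names `code_challenge` and `code_challenge_method` and the sample verifier/challenge pair are taken from the published PKCE specification (RFC 7636, Appendix B); the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets

# Transforms keyed by t_m: the *name* of the transform, sent as a string.
TRANSFORMS = {
    "plain": lambda v: v,
    "S256": lambda v: base64.urlsafe_b64encode(
        hashlib.sha256(v.encode("ascii")).digest()
    ).rstrip(b"=").decode("ascii"),
}

# Sample pair from RFC 7636 Appendix B (not from this thread).
SAMPLE_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
SAMPLE_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"


def new_code_verifier() -> str:
    """32 random bytes encode to 43 base64url characters (no padding)."""
    return secrets.token_urlsafe(32)


def authorization_request(code_verifier: str, t_m: str) -> dict:
    """Client side: send t(code_verifier) plus the transform name t_m."""
    return {
        "code_challenge": TRANSFORMS[t_m](code_verifier),
        "code_challenge_method": t_m,
    }


def verify_token_request(stored: dict, code_verifier: str) -> bool:
    """Server side: re-apply the stored transform and compare."""
    transform = TRANSFORMS.get(stored.get("code_challenge_method"))
    if transform is None or not code_verifier.isascii():
        return False  # unknown t_m or malformed verifier: reject
    expected = transform(code_verifier).encode("ascii")
    return hmac.compare_digest(expected, stored["code_challenge"].encode("ascii"))


if __name__ == "__main__":
    verifier = new_code_verifier()
    for t_m in ("S256", "plain"):
        req = authorization_request(verifier, t_m)
        # With "plain" the challenge on the wire equals the verifier itself.
        print(t_m, req["code_challenge"] == verifier,
              verify_token_request(req, verifier))
```

Under "plain" the value sent in the authorization request is the verifier itself, whereas "S256" sends only its hash; the server rejects any `t_m` it does not recognize instead of defaulting to a transform.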