Re: [OAUTH-WG] Murray Kucherawy's No Objection on draft-ietf-oauth-jwsreq-26: (with COMMENT)
Nat Sakimura <sakimura@gmail.com> Thu, 13 August 2020 15:24 UTC
Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2ADA43A0D7C; Thu, 13 Aug 2020 08:24:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cH3lENJsHSQV; Thu, 13 Aug 2020 08:24:09 -0700 (PDT)
Received: from mail-wm1-x342.google.com (mail-wm1-x342.google.com [IPv6:2a00:1450:4864:20::342]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 121AD3A0D78; Thu, 13 Aug 2020 08:24:09 -0700 (PDT)
Received: by mail-wm1-x342.google.com with SMTP id 3so5418221wmi.1; Thu, 13 Aug 2020 08:24:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wmfLl5gtYWvYH29MjjDDByItaVELkTxhjK0gm9YGFAo=; b=D/to+vcQ0KK4d719royXDgsE1xt2+eiGmnZajFOYooP68/gRcbXi1voeF7GlBcdClV YZ1E2HX4fw7aKrpUd684uEZudNmyiBX/aWiWHxnWxeA5he9kP/IGWLcFfb9sSRq0frVn di9lSvgl6GgF5xS7cPQFkAr4Z0Ke8xtNIRiZ1xQH032cVORwr8YYunxmzmb45LkUTRSc /vnDrC6fxYAZe81cR7f+PDcD1vVUoiQVlPycPm7XoVa8Ldb+YwWKY7l6qZViLrZvDr87 OzUeAyOglP8EPb0CBiyidgv2FeBpIhMX3+cc3FSDjW8gfzxq7OZ5wN2GpMG+QMIfqYYv taPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wmfLl5gtYWvYH29MjjDDByItaVELkTxhjK0gm9YGFAo=; b=GXnv54Y3QH6ZC9BNzM7hsXDZdMw2lFCOWjgE9tVeMotmlIdVFkPelevY3aa+aWELd6 1nJALvMEwVbMiTRqiQwY1ydIEzOiUxVepY/lJbwN7WItkPnnKl2ROBSOubmC6Jh1YSR3 6ECR9oxpmZETU3mEOuAmcH0h+4FaS+4BEH+NGfmPrWPMaksxufw4sV6QrckgWhs3Jzru YF/scBgBYbB1BSYDbOyqpVs1p6evg9IOHTLCrcjdu6EsJOyRJYQzKQEAi/O6rRID3RJa n/KNwu7yomrOKDR2XVMajAUIgHVr6ZNpa4F/NM6+QSEx6L5DzeAXjQBFmaU+NtqBN8wC 5PqQ==
X-Gm-Message-State: AOAM531exZ6xVk/6GXKEgN5YM7l+mBP9oSTPa99/tSXwg1/SNeC+jV1G BmHKUJQri+Gn0EjVdbG8GfBeOgplfzX8oPPvF7Y=
X-Google-Smtp-Source: ABdhPJxGKKSEDSOC9BQdv/Mikl25+LpyK8Tso2FtriFsIerrJJUGRBMSUCug2eH9MEFGiGL+kFx48I3qWqHSUORMZHk=
X-Received: by 2002:a1c:6a03:: with SMTP id f3mr5069457wmc.181.1597332247239; Thu, 13 Aug 2020 08:24:07 -0700 (PDT)
MIME-Version: 1.0
References: <159721898593.8472.15430392178541116697@ietfa.amsl.com>
In-Reply-To: <159721898593.8472.15430392178541116697@ietfa.amsl.com>
From: Nat Sakimura <sakimura@gmail.com>
Date: Fri, 14 Aug 2020 00:23:55 +0900
Message-ID: <CABzCy2A5eLA=2C6L78wnOtdM56tanFf3K8n6rBzcMORJahn5yw@mail.gmail.com>
To: Murray Kucherawy <superuser@gmail.com>
Cc: The IESG <iesg@ietf.org>, oauth <oauth@ietf.org>, oauth-chairs@ietf.org, draft-ietf-oauth-jwsreq@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002fe18105acc3e5b6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/B-k768S4Z1_ObdU0Pe3QfYlIE10>
Subject: Re: [OAUTH-WG] Murray Kucherawy's No Objection on draft-ietf-oauth-jwsreq-26: (with COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2020 15:24:11 -0000
Murray, Thanks very much for your comment. My replies inline: On Wed, Aug 12, 2020 at 4:56 PM Murray Kucherawy via Datatracker < noreply@ietf.org> wrote: > Murray Kucherawy has entered the following ballot position for > draft-ietf-oauth-jwsreq-26: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > The directorate reviews are from 15 or more versions ago. I wonder if > returning documents like this should be sent through the directorates > again as > matter of course. > > Abstract: "... the communication through the user agents are not ..." -- > s/are/is/ > Thanks for pointing out. > > Section 1 expressly cites two IANA URLs. I suggest simply naming the > registry > or sub-registry; the URLs might not be permanent. Or if you like the URL, > do > it as a reference, as you did with [IANA.MediaType]. > > Good point. Will do. > The two bullets at the end of Section 1 toggle between "crypto" and > "cryptography". I suggest picking one, preferably the latter (as did the > rest > of the document). > Ditto. > > In Section 3, should URI and URL include references to their defining > RFCs? I > realize a reader familiar with this space probably knows those terms, but > they > seem to be the only acronyms without a reference here. > Good point. It will certainly improve the consistency. Will do. > When would an implementer legitimately disregard the SHOULD in Section 4? > E.g., in the case where there is only one client and the server in the system, it may be redundant to have `iss` and `aud`. > As Benjamin Kaduk also expressed, I'm a little puzzled by this text in > Section > 5.2: "The "request_uri" value MUST be reachable by the Authorization > Server." > Is this part of the protocol? > Please refer to my response to Ben. > > All of the subsections of Section 9 say: "This specification adds the > following > values to the "OAuth Parameters" registry established ..." but they all are > actually modifying different sub-registries. I suggest naming the > sub-registries explicitly. I realize the subsection titles have it right, > but > this line of repeated prose had me squinting a bit. > OK. Good point. Thanks. > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en
- [OAUTH-WG] Murray Kucherawy's No Objection on dra… Murray Kucherawy via Datatracker
- Re: [OAUTH-WG] Murray Kucherawy's No Objection on… Nat Sakimura