[OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-09: (with DISCUSS and COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Wed, 28 February 2018 14:43 UTC

Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: oauth@ietf.org
Delivered-To: oauth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 22B13126BF3; Wed, 28 Feb 2018 06:43:41 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-oauth-discovery@ietf.org, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, oauth-chairs@ietf.org, Hannes.Tschofenig@gmx.net, oauth@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.73.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151982902113.5155.16065862366702262286.idtracker@ietfa.amsl.com>
Date: Wed, 28 Feb 2018 06:43:41 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/FPAz7uDnjM0FKrQtRlvZip99v40>
Subject: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-09: (with DISCUSS and COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Feb 2018 14:43:41 -0000

Alexey Melnikov has entered the following ballot position for
draft-ietf-oauth-discovery-09: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thank you for the well written IANA Considerations section. I have one comment
on it which should be easy to resolve:

The document doesn't seem to say anything about allowed characters in Metadata
names. When the document talks about "case-insensitive matching", it is not
clear how to implement the matching, because it is not clear whether or not
Metadata names are ASCII only. If they are not, then you need to better define
what "case insensitive" means.

You've made a change in section 7.1, which looks good. However there is still
the following text in 7.1.1:

   Metadata Name:
      The name requested (e.g., "issuer").  This name is case-sensitive.
      Names may not match other registered names in a case-insensitive

I suggest replacing "in a case-insensitive manner" with something like "if when
applying Unicode toLowerCase() to both, they compare equal".

Or maybe keep "case-insensitive" and just add a sentence explaining what it is.
I think you should use toLowerCase(), as it is already recommended in other
IETF specs, like RFC 8265.

      manner unless the Designated Experts state that there is a
      compelling reason to allow an exception.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I am agreeing with Adam's DISCUSS. I believe it was addressed in the latest version.