Re: [OAUTH-WG] [Technical Errata Reported] RFC8252 (5848)
John Bradley <ve7jtb@ve7jtb.com> Tue, 27 August 2019 10:52 UTC
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1121712021C for <oauth@ietfa.amsl.com>; Tue, 27 Aug 2019 03:52:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ve7jtb-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OcdC_9tuZAhw for <oauth@ietfa.amsl.com>; Tue, 27 Aug 2019 03:51:56 -0700 (PDT)
Received: from mail-wm1-x341.google.com (mail-wm1-x341.google.com [IPv6:2a00:1450:4864:20::341]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A38D912004A for <oauth@ietf.org>; Tue, 27 Aug 2019 03:51:56 -0700 (PDT)
Received: by mail-wm1-x341.google.com with SMTP id i63so2500528wmg.4 for <oauth@ietf.org>; Tue, 27 Aug 2019 03:51:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ve7jtb-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GEbvp8MXAlyqwo36eCQTpPEQxoMnfDCvSDq+TJc+psI=; b=qwr7bqkJdNXoVj0o8pPdqUgzTCZUMS/rWnRrc+OCPSzh5EonUg/8PbSTzxqMilpVDO oHo0IL1MPVafRMsGdBxRysPDbqoMSpDA+/8LcThEllmrMkuCSMcg1xtZnVBaMZTss2is NaTHuz6Qim/1EAXMgcD36xYLIJuAg3aO1Faw4rbZqk0SDw79EF3vY0C+a6QWq82AjOgp OWSO7sVoZreg0mYiEA1HGNl/Zhfb3MbFIjlASUj/vwkhAHfqptTroj5GnUrcUyIf9P/o jflHySsbFelDghLgVWLVKtltyyOze84LM6tDTwqykLssyGT2B7xVCmOLZgUVFqb1mJcs mbDg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GEbvp8MXAlyqwo36eCQTpPEQxoMnfDCvSDq+TJc+psI=; b=GHG0L6V/B0p7Dj5zhto9KNaAIpKOuDFSKOOdGChVExdaUKXFnYrJcU9/qfrNrI6a9A gzY/012s3AjexDqZTpdXcsO5qFaJqVsBnAa20rX5AbxSCB1oAofJSV64/jgEz0OIBoja SIYVjKUmqzk5KDKovR9vnmS9Du3yFKvZoCVdcZUg/vbRXQthdWcnB35++p/DMUIh1yTO 1/b2U+L+nSaLoRN4DcDh2q6UO2RxhuNr+My9TuSot+guzQRbmCnd3zK4fkd6fcMlf6Cd HPuMn3XVtUqLw63c/BHdfignOUCxzK0L67PYyshEy+e7VDBJdJC+UryoHaT72S7LC3Wy 9YAw==
X-Gm-Message-State: APjAAAUp1t91eueHl7suPzqYDNbJINEE4GqksgMjX0YBIw2R4ZoW2jzq 15QGeHToUixZ2uydfgcEV712HLAJq7tFOAN1vp622w==
X-Google-Smtp-Source: APXvYqzT8ybrCE9gTGb8Gv0LwrHkVzQ6QPZsNZHvDO76Y8QGIdpAdSEZLLmPkeUEPjNitxQ5JTVZJqqZZXv69jNtJqs=
X-Received: by 2002:a05:600c:2111:: with SMTP id u17mr28921228wml.64.1566903114687; Tue, 27 Aug 2019 03:51:54 -0700 (PDT)
MIME-Version: 1.0
References: <20190826190427.A7DADB80BB9@rfc-editor.org> <CAAP42hAgNm=E1f6DU7pUH23NAoLW9=4CEKWTT7wgk3PY_5s33Q@mail.gmail.com>
In-Reply-To: <CAAP42hAgNm=E1f6DU7pUH23NAoLW9=4CEKWTT7wgk3PY_5s33Q@mail.gmail.com>
From: John Bradley <ve7jtb@ve7jtb.com>
Date: Tue, 27 Aug 2019 12:51:42 +0200
Message-ID: <CAANoGhKTuEauUC-0f9bj8O=ewpNbN4a3NLDHLh3u45Tabt+SBA@mail.gmail.com>
To: William Denniss <wdenniss@google.com>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, bayard.bell@twosigma.com, Benjamin Kaduk <kaduk@mit.edu>, oauth <oauth@ietf.org>, Roman Danyliw <rdd@cert.org>, rfc8252@ve7jtb.com, rfc8252@wdenniss.com, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000008c79510591170fea"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/HyCKcvOSa4ZqWyCIZ6sZ3imkpCU>
Subject: Re: [OAUTH-WG] [Technical Errata Reported] RFC8252 (5848)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Aug 2019 10:52:00 -0000
This is not really an eratta. Asome point we need to update the BCP with a updated RFC. Perhaps the time is now to start a new draft that can capture the changes in iOS, OSX and others. John B. On Mon, Aug 26, 2019, 10:46 PM William Denniss <wdenniss@google.com> wrote: > Process-wise I'm not sure if errata should be used to capture changing > implementation details like this. We expected the implementation details > that we documented in the appendix to change, and explicitly stated that > assumption. "The implementation details herein are considered accurate at > the time of publishing but will likely change over time.". > > If updating those implementation details were in scope, then the proposed > text should needs to be revised before being accepted due to some > inaccuracies (e.g. SFSafariViewController is not a successor to > ASWebAuthenticationSession). > > Best, > William > > On Mon, Aug 26, 2019 at 12:04 PM RFC Errata System < > rfc-editor@rfc-editor.org> wrote: > >> The following errata report has been submitted for RFC8252, >> "OAuth 2.0 for Native Apps". >> >> -------------------------------------- >> You may review the report below and at: >> https://www.rfc-editor.org/errata/eid5848 >> >> -------------------------------------- >> Type: Technical >> Reported by: Bayard Bell <bayard.bell@twosigma.com> >> >> Section: Appendix B.1 >> >> Original Text >> ------------- >> Apps can initiate an authorization request in the browser, without >> the user leaving the app, through the "SFSafariViewController" class >> or its successor "SFAuthenticationSession", which implement the in- >> app browser tab pattern. Safari can be used to handle requests on >> old versions of iOS without in-app browser tab functionality. >> >> Corrected Text >> -------------- >> Apps can initiate an authorization request in the browser, without >> the user leaving the app, through the "ASWebAuthenticationSession" >> class or its successors "SFAuthenticationSession" and >> "SFSafariViewController", which implement the in-app browser tab >> pattern. The first of these allows calls to a handler registered >> for the AS URL, consistent with Section 7.2. The latter two classes, >> now deprecated, can use Safari to handle requests on old versions of >> iOS without in-app browser tab functionality. >> >> Notes >> ----- >> SFAuthenticationSession documentation reflects deprecated status: >> >> >> https://developer.apple.com/documentation/safariservices/sfauthenticationsession >> >> Here's the documentation for ASWebAuthenticationSession: >> >> >> https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession >> >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party >> can log in to change the status and edit the report, if necessary. >> >> -------------------------------------- >> RFC8252 (draft-ietf-oauth-native-apps-12) >> -------------------------------------- >> Title : OAuth 2.0 for Native Apps >> Publication Date : October 2017 >> Author(s) : W. Denniss, J. Bradley >> Category : BEST CURRENT PRACTICE >> Source : Web Authorization Protocol >> Area : Security >> Stream : IETF >> Verifying Party : IESG >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >
- [OAUTH-WG] [Technical Errata Reported] RFC8252 (5… RFC Errata System
- Re: [OAUTH-WG] [Technical Errata Reported] RFC825… William Denniss
- Re: [OAUTH-WG] [Technical Errata Reported] RFC825… John Bradley
- Re: [OAUTH-WG] [Technical Errata Reported] RFC825… Bayard Bell