[OAUTH-WG] AD review of draft-ietf-oauth-dyn-reg-management

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 26 February 2015 16:04 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 430BB1A8752 for <oauth@ietfa.amsl.com>; Thu, 26 Feb 2015 08:04:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B__KWx6h-mXa for <oauth@ietfa.amsl.com>; Thu, 26 Feb 2015 08:04:25 -0800 (PST)
Received: from mail-oi0-x231.google.com (mail-oi0-x231.google.com [IPv6:2607:f8b0:4003:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83AA91A871A for <oauth@ietf.org>; Thu, 26 Feb 2015 08:04:25 -0800 (PST)
Received: by mail-oi0-f49.google.com with SMTP id v63so10062445oia.8 for <oauth@ietf.org>; Thu, 26 Feb 2015 08:04:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=jo5gtvUavRxCZM5IBTQAFEIA/MyAEDfUGUIPyJ0Y1ro=; b=Fo1rjPI6a7F7Z/+sDXjZ8vEX139GpaWclpU8pQ1mEne7Hw2dDJQrC9BTh1iq1evmtU o5JSQtGV63MCs1fjM1xFZU24PvKqArKUE55lxxqf94dhc+yNFaHJA7TG4Fb8LhpPJ5zz m5MToL0Sv5g4stX+Um8M93EJFkBj1Fh52f3ObOhFWhoXDjyzYl8kYd9Ei0xv+U9c+3WO TSbvJZQP+Jd9GXDDs08GNTxIIKvLSOw0Koc3pU3HqEB0jfStPUvlcg0myIclNFE2zjpP 5gTy3m+BirLLJHnV/3JogG6BbeYkHew/zHTnnzlnG2z6MzsBJfJeWdvmCOVsxaNfrDG2 uuxw==
MIME-Version: 1.0
X-Received: by 10.107.46.230 with SMTP id u99mr12292840iou.21.1424966664633; Thu, 26 Feb 2015 08:04:24 -0800 (PST)
Received: by 10.107.12.34 with HTTP; Thu, 26 Feb 2015 08:04:24 -0800 (PST)
Date: Thu, 26 Feb 2015 11:04:24 -0500
Message-ID: <CAHbuEH4ZQraLnWEeJAwqHq8mKHeeXWjMCA0QjY87pUjH3DKM9A@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary=001a11c16a96dccba6050fffe71d
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/QImbPvVFf1CWL3_k3IlF6SLx8gc>
Subject: [OAUTH-WG] AD review of draft-ietf-oauth-dyn-reg-management
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Feb 2015 16:04:27 -0000

Hello,

I reviewed draft-ietf-oauth-dyn-reg-management, which reads well and I just
have a few questions and suggestions below that would be good to address
prior to IETF last call.

Section 1.3
Bullet D might be easier to read as a list within the bullet.

Section 2
This is something I don't recall offhand and may be in place in another
draft, so a pointer would be great.  Is there an MTI set for one of the
recommended cipher suites in the TLS & DTLS BCP to ensure interoperability
(but also allow for algorithm agility)?  If not and there is a reason,
please explain.
See section 4: https://datatracker.ietf.org/doc/draft-ietf-uta-tls-bcp/
This is not the right draft to add this content, but I'd like to know if it
is covered somewhere or doesn't need to be for some reason.  TLS
requirements should point to that draft (assuming one exists) so there is
only one place to update if needed for any specific requirements to OAuth.

IANA Considerations:
The shepherd report says that there are no actions for IANA, so this needs
to be updated as the draft is the specification required to add two new
entries to an existing registry, established by the parent document.  It
does require DE review on the mailing list: oauth-ext-review@ietf.org
If that has been done, then a pointer to the archive would be helpful.

Thank you.

-- 

Best regards,
Kathleen