Re: [OAUTH-WG] [Gen-art] Genart last call review of draft-ietf-oauth-device-flow-10
William Denniss <wdenniss@google.com> Tue, 31 July 2018 16:07 UTC
To: Alissa Cooper <alissa@cooperw.in>
Cc: Robert Sparks <rjsparks@nostrum.com>, General Area Review Team <gen-art@ietf.org>, draft-ietf-oauth-device-flow.all@ietf.org, oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/WpJ3QtInBkYyJ1PIEoreabFNOi4>
Thank you Robert, and Alissa, we really appreciate your feedback. My co-authors and I are processing yours and all the feedback received so far. We'll reply to your points in the coming days.

On Tue, Jul 31, 2018 at 8:58 AM, Alissa Cooper <alissa@cooperw.in> wrote:

> Robert, thanks for your review. I have pointed to it in my No Objection ballot.
>
> Alissa
>
> > On Jul 20, 2018, at 1:37 PM, Robert Sparks <rjsparks@nostrum.com> wrote:
> >
> > As far as I can tell, there has been no response to this. The document revision just updated a reference to reflect an rfc having been published.
> >
> > Apologies if I missed a response.
> >
> > RjS
> >
> > On 6/11/18 12:20 PM, Robert Sparks wrote:
> >> Reviewer: Robert Sparks
> >> Review result: Ready with Nits
> >>
> >> I am the assigned Gen-ART reviewer for this draft. The General Area
> >> Review Team (Gen-ART) reviews all IETF documents being processed
> >> by the IESG for the IETF Chair. Please treat these comments just
> >> like any other last call comments.
> >>
> >> For more information, please see the FAQ at
> >>
> >> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> >>
> >> Document: draft-ietf-oauth-device-flow-10
> >> Reviewer: Robert Sparks
> >> Review Date: 2018-06-11
> >> IETF LC End Date: 2018-06-12
> >> IESG Telechat date: Not scheduled for a telechat
> >>
> >> Summary: Ready for publication as a Proposed Standard RFC, but with nits to
> >> consider
> >>
> >> Nits/editorial comments:
> >>
> >> In 3.5 "the client MUST use a reasonable default polling interval" is not
> >> testable. Who determines "reasonable"? At the very least, you should add some
> >> text about how to determine what "reasonable" is for a given device, and add
> >> some text that says don't poll faster than earlier responses limited you to.
> >> For example, if the response at step B in the introductory diagram had an
> >> explicit interval of 15, but a slow-down response to an E message didn't have
> >> an explicit interval, you don't want them to default to, say 5 seconds (because
> >> that's what the example in section 3.2 said, so it must be reasonable).
> >>
> >> In 3.3, you say the device_code MUST NOT be displayed or communicated. Is there
> >> a security property that's lost if there is? Or is this just saying "Don't
> >> waste space or the user's time"?
> >>
> >> The last paragraph of section 6.1 feels like a recipe for false positives, and
> >> for bug-entrenched code. Please reconsider it.
> >>
> >> You need line-folding in the example in section 3.2
> >>
> >> _______________________________________________
> >> Gen-art mailing list
> >> Gen-art@ietf.org
> >> https://www.ietf.org/mailman/listinfo/gen-art
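
The polling rule requested in the quoted review of section 3.5 (never poll faster than an earlier response allowed), shown as an added example that is not part of this thread or of the draft. The class and function names are hypothetical; the 5-second default and the 5-second `slow_down` increment are assumptions taken from the later published RFC 8628, and an `interval` member on a `slow_down` response is treated as optional.

```python
"""Device-flow polling schedule that never speeds up (added example)."""

DEFAULT_INTERVAL = 5   # assumption: RFC 8628 default when no interval is sent
SLOW_DOWN_STEP = 5     # assumption: RFC 8628 increment applied on slow_down


def _positive_int(value):
    """Return value if it is a usable interval in seconds, else None."""
    if isinstance(value, int) and not isinstance(value, bool) and value > 0:
        return value
    return None


class PollSchedule:
    """Tracks the current interval; it only ever grows during one flow."""

    def __init__(self, device_authorization_response):
        sent = _positive_int(device_authorization_response.get("interval"))
        self.interval = sent if sent is not None else DEFAULT_INTERVAL

    def next_delay(self, token_response):
        """Seconds to wait before the next poll, or None to stop polling."""
        error = token_response.get("error")
        if error == "authorization_pending":
            return self.interval
        if error == "slow_down":
            # Back off from the interval already in force, not from the default,
            # and ignore any explicit value that would make polling faster.
            explicit = _positive_int(token_response.get("interval")) or 0
            self.interval = max(self.interval + SLOW_DOWN_STEP, explicit)
            return self.interval
        return None  # token issued, or a terminal error such as expired_token


def replay(device_authorization_response, token_responses):
    """Feed a sequence of token responses through one schedule."""
    schedule = PollSchedule(device_authorization_response)
    return [schedule.next_delay(r) for r in token_responses]


# Constructed sample: interval 15 at step B, then a slow_down with no interval.
SAMPLE = replay(
    {"device_code": "example-device-code", "user_code": "EXAMPLE1", "interval": 15},
    [{"error": "authorization_pending"}, {"error": "slow_down"},
     {"error": "authorization_pending"}, {"access_token": "example-token"}],
)
```
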