Re: [OAUTH-WG] [Gen-art] Genart last call review of draft-ietf-oauth-device-flow-10

Alissa Cooper <alissa@cooperw.in> Tue, 31 July 2018 15:58 UTC

From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <c53a8e8f-7873-3c5a-aa6f-3e0a896c9a88@nostrum.com>
Date: Tue, 31 Jul 2018 11:58:41 -0400
Cc: General Area Review Team <gen-art@ietf.org>, draft-ietf-oauth-device-flow.all@ietf.org, oauth@ietf.org
Message-Id: <CB9FD96F-EED3-4D09-B744-B576052D52CE@cooperw.in>
References: <152873404689.2672.12557627140070509936@ietfa.amsl.com> <c53a8e8f-7873-3c5a-aa6f-3e0a896c9a88@nostrum.com>
To: Robert Sparks <rjsparks@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/X6G5hx14YjnDf-TVAh3pczPcY3w>

Robert, thanks for your review. I have pointed to it in my No Objection ballot.

Alissa

> On Jul 20, 2018, at 1:37 PM, Robert Sparks <rjsparks@nostrum.com> wrote:
> 
> As far as I can tell, there has been no response to this. The document revision just updated a reference to reflect an RFC having been published.
> 
> Apologies if I missed a response.
> 
> RjS
> 
> 
> On 6/11/18 12:20 PM, Robert Sparks wrote:
>> Reviewer: Robert Sparks
>> Review result: Ready with Nits
>> 
>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed
>> by the IESG for the IETF Chair.  Please treat these comments just
>> like any other last call comments.
>> 
>> For more information, please see the FAQ at
>> 
>> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>> 
>> Document: draft-ietf-oauth-device-flow-10
>> Reviewer: Robert Sparks
>> Review Date: 2018-06-11
>> IETF LC End Date: 2018-06-12
>> IESG Telechat date: Not scheduled for a telechat
>> 
>> Summary: Ready for publication as a Proposed Standard RFC, but with nits to
>> consider
>> 
>> Nits/editorial comments:
>> 
>> In 3.5 "the client MUST use a reasonable default polling interval" is not
>> testable. Who determines "reasonable"? At the very least, you should add some
>> text about how to determine what "reasonable" is for a given device, and add
>> some text that says don't poll faster than earlier responses limited you to.
>> For example, if the response at step B in the introductory diagram had an
>> explicit interval of 15, but a slow-down response to an E message didn't have
>> an explicit interval, you don't want them to default to, say 5 seconds (because
>> that's what the example in section 3.2 said, so it must be reasonable).
>> 
>> In 3.3, you say the device_code MUST NOT be displayed or communicated. Is there
>> a security property that's lost if there is? Or is this just saying "Don't
>> waste space or the user's time"?
>> 
>> The last paragraph of section 6.1 feels like a recipe for false positives, and
>> for bug-entrenched code. Please reconsider it.
>> 
>> You need line-folding in the example in section 3.2
>> 
>> 
>> _______________________________________________
>> Gen-art mailing list
>> Gen-art@ietf.org
>> https://www.ietf.org/mailman/listinfo/gen-art
> 
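The polling nit in section 3.5 above (a slow_down response with no explicit interval must not send the client back to a small default) is easiest to see as client state. The following is an added example and not code from the draft, the reviewer, or the IESG ballot; it models the device-flow client's polling state and runs offline against a constructed sequence of token-endpoint responses. Assumptions, labelled as such: a slow_down response adds 5 seconds to the current interval and a missing interval in the device authorization response falls back to 5 seconds (both as the published RFC 8628 later specified); the error strings authorization_pending, slow_down, expired_token and access_denied; and the sample device_code, user_code and access_token values, which are made up. The DevicePoller class, simulate() helper and the callback shape are this example's own.

```python
"""
Device-flow polling client state: an added illustration, not code from the
draft or the reviewer. Network calls are replaced by a constructed sequence of
responses so the example runs offline.
"""
import time

DEFAULT_INTERVAL = 5     # assumed fallback, used only if the server never set one
SLOW_DOWN_INCREMENT = 5  # assumed: slow_down adds 5 s (RFC 8628 section 3.5)


class DevicePoller:
    def __init__(self, device_auth_response):
        # device_code is the client's credential for the token endpoint;
        # user_code and verification_uri are the only values meant for the user.
        self.device_code = device_auth_response["device_code"]
        self.user_code = device_auth_response["user_code"]
        self.verification_uri = device_auth_response["verification_uri"]
        self.expires_at = time.monotonic() + device_auth_response["expires_in"]
        # Honour the interval from the device authorization response (step B
        # in the draft's diagram); fall back to the default only if absent.
        interval = device_auth_response.get("interval")
        self.interval = int(interval) if interval is not None else DEFAULT_INTERVAL

    def user_prompt(self):
        # Deliberately shows user_code only, never device_code.
        return f"Visit {self.verification_uri} and enter code {self.user_code}"

    def handle(self, token_response):
        """Update polling state from one token-endpoint response (step E).
        Returns ("token", access_token), ("wait", seconds) or ("stop", reason)."""
        if "access_token" in token_response:
            return ("token", token_response["access_token"])
        error = token_response.get("error")
        if error == "slow_down":
            # Grow from the current interval; a slow_down without an explicit
            # interval must never reset the client to DEFAULT_INTERVAL.
            self.interval += SLOW_DOWN_INCREMENT
            return ("wait", self.interval)
        if error == "authorization_pending":
            return ("wait", self.interval)
        # expired_token, access_denied or anything unexpected: stop polling.
        return ("stop", error or "unexpected_response")

    def run(self, post_to_token_endpoint, sleep=time.sleep):
        """Poll until a token, a terminal error or local expiry.
        post_to_token_endpoint(device_code) must return the parsed JSON body."""
        while time.monotonic() < self.expires_at:
            status, detail = self.handle(post_to_token_endpoint(self.device_code))
            if status != "wait":
                return status, detail
            sleep(detail)
        return "stop", "expired_token"


# Constructed sample data shaped like the draft's responses (values made up).
SAMPLE_DEVICE_AUTH = {
    "device_code": "constructed-device-code",
    "user_code": "ABCD-EFGH",
    "verification_uri": "https://example.com/device",
    "expires_in": 1800,
    "interval": 15,
}
SAMPLE_TOKEN_RESPONSES = [
    {"error": "authorization_pending"},
    {"error": "slow_down"},            # no interval field: must not drop to 5
    {"error": "authorization_pending"},
    {"access_token": "constructed-access-token", "token_type": "Bearer"},
]


def simulate(responses, device_auth=SAMPLE_DEVICE_AUTH):
    """Drive DevicePoller over a constructed response sequence.
    Returns (list of sleep durations in seconds, final (status, detail))."""
    poller = DevicePoller(device_auth)
    queue = iter(responses)
    sleeps = []

    def fake_endpoint(device_code):
        # The fake token endpoint checks the client presents its device_code.
        assert device_code == device_auth["device_code"]
        return next(queue)

    result = poller.run(fake_endpoint, sleep=sleeps.append)
    return sleeps, result


if __name__ == "__main__":
    print(DevicePoller(SAMPLE_DEVICE_AUTH).user_prompt())
    print(simulate(SAMPLE_TOKEN_RESPONSES))  # ([15, 20, 20], ('token', ...))
```

With the server having set interval=15 at step B, the client waits 15, then 20 after the bare slow_down, then 20 again; had it re-read a default on the slow_down response it would have polled every 5 seconds, which is the behaviour the review warns against. The prompt method also keeps the device_code off the screen, which the section 3.3 nit asks the draft to justify.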