Re: [OAUTH-WG] Adam Roach's Discuss on draft-ietf-oauth-device-flow-12: (with DISCUSS)

William Denniss <wdenniss@google.com> Fri, 19 October 2018 21:15 UTC

From: William Denniss <wdenniss@google.com>
Date: Fri, 19 Oct 2018 14:15:12 -0700
Message-ID: <CAAP42hAcD7uVa_1wY8f6yeS7EMAJgaeHzV6rJR2gF=En522gKA@mail.gmail.com>
To: Adam Roach <adam@nostrum.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-oauth-device-flow@ietf.org, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, oauth-chairs@ietf.org, oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/_CmyLYTNwead1ZgWXHiKD8W4L9E>
Subject: Re: [OAUTH-WG] Adam Roach's Discuss on draft-ietf-oauth-device-flow-12: (with DISCUSS)

Adam,

Thank you for your feedback and pointers; version 13 should fully address
your feedback.  Comments inline:

On Wed, Aug 1, 2018 at 5:43 PM, Adam Roach <adam@nostrum.com> wrote:

>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Thanks to the authors for addressing my comments and half of my DISCUSS.
> This final issue appears to remain unaddressed:
>
> §3.1:
>
> >  The client initiates the flow by requesting a set of verification
> >  codes from the authorization server by making an HTTP "POST" request
> >  to the device authorization endpoint.  The client constructs the
> >  request with the following parameters, encoded with the "application/
> >  x-www-form-urlencoded" content type:
>
> This document needs a normative citation for this media type.
>
> My suggestion would be to cite REC-html5-20141028 section 4.10.22.6, as this
> appears to be the most recent stable description of how to encode this media
> type. I'd love to hear rationale behind other citations being more appropriate,
> since I'm not entirely happy with the one I suggest above (given that it's been
> superseded by HTML 5.2); but every other plausible citation I can find is even
> less palatable (with HTML 5.2 itself having the drawback of not actually
> defining how to encode the media type, instead pointing to an unstable,
> unversioned document).
>

Thank you for the advice. I've struggled with this one myself. HTML 5.2,
like you say, links to an unstable and unversioned document (albeit one that
is readable and pleasant for implementors). I wish they had a proper stable
reference; it seems odd to normatively reference something that isn't
stable to me, but what can we do?

I went with the exact reference you suggested; it's in version 13.

Best,
William