[OAUTH-WG] Fwd: Wording feedback in draft 3 of draft-ietf-oauth-v2-http-mac
Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 07 May 2013 06:40 UTC
Thanks for your feedback, Patrick.

I forwarded your review comments to the IETF OAuth mailing list. Will discuss it there.

-------- Original Message --------
Subject: Wording feedback in draft 3
Resent-To: hannes.tschofenig@gmx.net, jricher@mitre.org, wmills@yahoo-inc.com
Date: Mon, 06 May 2013 16:49:41 -0700
From: Patrick Radtke <pradtke@stanford.edu>
To: draft-ietf-oauth-v2-http-mac@tools.ietf.org

I'm not sure how this is usually done, but here is some feedback on wording that I found confusing. I didn't know where to look to determine if this feedback has already been given.

> 128 Since a keyed message digest only provides integrity protection and
> 129 data-origin authentication confidentiality protection can only be
> 130 added by the usage of Transport Layer Security (TLS).

What is the 'since' implying? Usually 'since' would be used to imply an action, but the rest of the sentence is just a statement. Maybe "Transport Layer Security (TLS) MAY be used to provide data-origin authentication confidentiality protection since a keyed message digest only provides integrity protection"

> 323 The transport of the mac_key from the authorization server to the
> 324 resource server is accomplished by conveying the encrypting mac_key
> 325 inside the access token.

The phrase 'encrypting mac_key' is confusing, maybe because it's a typo? Is that supposed to be 'encrypted mac_key' or 'conveying the mac_key inside the encrypted access token'?

> 591 the token). The content of the access token, in particular the
> 592 audience field and the scope, MUST be verified as described in

There is no reference after 'in'.

-Patrick