[OAUTH-WG] Re: [Editorial Errata Reported] RFC7636 (8458)
Justin Richer <jricher@mit.edu> Sat, 14 June 2025 11:21 UTC
Return-Path: <jricher@mit.edu>
X-Original-To: oauth@mail2.ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id AFF6334EA542 for <oauth@mail2.ietf.org>; Sat, 14 Jun 2025 04:21:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e9TnYvFWTqyq for <oauth@mail2.ietf.org>; Sat, 14 Jun 2025 04:21:06 -0700 (PDT)
Received: from BYAPR05CU005.outbound.protection.outlook.com (mail-westusazon11010001.outbound.protection.outlook.com [52.101.85.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 9680F34EA52D for <oauth@ietf.org>; Sat, 14 Jun 2025 04:21:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=eicZhdZB1hFjvfB0ltOs2jxOTRrEkA36Vw3c3vMCVHud+M6nWMokTQNKZfGEzPn7+S9/VdnSokKi7A//GYTTUPxllSl8JOfjoyFQVR5yvHfpKg7fbZ2BQnoWuaMcGHVcQpm6jQMk4gTSIdCkLF2NkOS15YioTFxmx/WKdU9JIEfM1hYePIq2u/n+CPnXe2ozTQkVYphoV4LASCYSbQyU3WTwr0xUFMYTnGhtCBVfT0xlwKRRS5vbEKRTlabN+FO2C02e8IqC9mD0ljKtWEOGfMwruAt4xmpqK+8Rs2uKWeSbcejsTjl+w22hmcstBm7hOD7P/osO7TWaY3ytVOhYjw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aGiVs9CZy5idRayB1QjnzeHuMGLzuuoLRorxP2mvY18=; b=kGrP57ReCrrwVZ3zGUhPaHQB+neJKenDZsjKC59yD+2VcPzWb22uEIsnKHsovEKIciCv42yEqftDumUE5g69FRQebTKQjiJgQZQZo5nYlXrgMzjTOgXxp5ShR7IwRc3aZOCbkJkr2XIB683KFa5VnBnRjuiqi3t6gPBugY8kywmJXYTRyOSTBJ2o+eJtRFWCjL6LfWiYGIeUGd5N0VPqztFYF6GyphokqUux0eBSrdysz661kyIubBWGkzr1kFghWk55dr+49K5GejpbiPPGhHZGieNFjB9sNuSPIknrAZAXrHXv0lJb7zvV/O9/eXVMyXCVgMDTLmGwg8C4tZcGWQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mit.edu; dmarc=pass action=none header.from=mit.edu; dkim=pass header.d=mit.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aGiVs9CZy5idRayB1QjnzeHuMGLzuuoLRorxP2mvY18=; b=th2AgXvEuhxM4XG0YKJf84vcUp5yBDWlJ7gmCP/+IsiP0V5p0mtSyAMH7+f+ooZ/gkEtPcBf5OKImKbk4FcIITs1DoBzK6IQg59Z++i32WOAkHqkxXVu+560PTVz/VSt/u1vEeCcOYGqHF/QaeBWO8aBp7E8NT05jIydpHrH1yw=
Received: from LV8PR01MB8677.prod.exchangelabs.com (2603:10b6:408:1e8::20) by IA3PR01MB8695.prod.exchangelabs.com (2603:10b6:208:533::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8835.23; Sat, 14 Jun 2025 11:21:04 +0000
Received: from LV8PR01MB8677.prod.exchangelabs.com ([fe80::e7d6:999:270f:a820]) by LV8PR01MB8677.prod.exchangelabs.com ([fe80::e7d6:999:270f:a820%3]) with mapi id 15.20.8835.018; Sat, 14 Jun 2025 11:21:04 +0000
From: Justin Richer <jricher@mit.edu>
To: RFC Errata System <rfc-editor@rfc-editor.org>
Thread-Topic: [OAUTH-WG] [Editorial Errata Reported] RFC7636 (8458)
Thread-Index: AQHb3EvC7f7Ef+5HzkG9D6nC8BmZRrQCgmyjgAABWUQ=
Date: Sat, 14 Jun 2025 11:21:03 +0000
Message-ID: <LV8PR01MB867787802DDF43BE68B62D94BD76A@LV8PR01MB8677.prod.exchangelabs.com>
References: <20250613101218.4B876265CD6@rfcpa.rfc-editor.org> <LV8PR01MB8677D99EDA22900C1B0FF772BD76A@LV8PR01MB8677.prod.exchangelabs.com>
In-Reply-To: <LV8PR01MB8677D99EDA22900C1B0FF772BD76A@LV8PR01MB8677.prod.exchangelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mit.edu;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LV8PR01MB8677:EE_|IA3PR01MB8695:EE_
x-ms-office365-filtering-correlation-id: 3d488244-2205-43c4-ec82-08ddab358cc6
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|4022899009|366016|1800799024|376014|38070700018|13003099007|8096899003|7053199007;
x-microsoft-antispam-message-info: ODzjWeTH897H3eFAbEONHa5NnPkR+hcYIQZDfTKYBeYHgc1KX58B9Rgnlo++QOtHjiqLmgwqd8HKDKb5WE/pwhBRcMh+q4mRbFkBqu8XDPCabXSdSyw1wfsKWHjCi02VXFSuxVIerrMcl3Iw6rIUgVbrSYrBtmbveeG0Yz/+KYsNdt85XC5/t5XTIduFvkDpVWi1KfAD2VhrrG9EkLzhd9W0NTunWGNNbhQfvPxLxn5qIxYMfCixI8EczL8z4rZgnn5YIgCHDSCSgmj7quwQxCAOzAo+CHxqnGHfGIFtZB0yxULKtF73AyqkiNdZtChisbLxNPpb2RsyfguSCnh70eBLty4QoXuSjzdW+59FYyyH5I/ghhGfgK1bYVwTwvYBmuETumHG+jB3ISOjzMTZ8pk46GZ19gnFhmTrIA5lYB6wyNJptZ0b0HVKLs7kD7gnSymHuKdjLBdfQfHVUbYr33e3mut3l3L/ApNh6UEYMb3RR1LfTIf7uJ4TmIujeP7lM+9sKA5krvdKsMV7H8sBtsosdSmmCm7l/kn3c92kdy0wb2JoVoILE0gwnL72vxMGDfnr9M3lH/HDrIMbIS42zAx78nxVZ+hIeXtvjTkvUHsRJCJOZB0OLXjrhwR+Q0qvIDACg9ZZnSFm8BlQUxUuxDG6xn29ubIoytjFyojFZg/1TYzq/oL0bLGMcfF1aYbCq83cIjG1Aez/KLy2BNXBe6KfGEjljjS6v1SxMcRlkvplnu/5Q9AknCnShxOesydOGiePsXHZtxZ0gFfYZcNqJlipOiYUZZPf920cOTKIBD7sGK7ULgbHRd/bYSMfK+6KkDQ0WKV1QXQ13oKNCUczBFnfRs8n6o/OgyQQpOrztxQvwASOzHspIYjKEhrN38nzLZew3JO42urrj5DSmmzG4WjpewLQw8BVo0ZOtFUteNL4RY+LOOe/65G+yiJtJHErXP1FpgK2qg/mjfFFg9D0U/x/6iBIIVqPWxStj+Of0VCOoH/VQqwuPTHfmxS9mex7VMhOaMC6TIH05EZukmqKDQyTUUT6cChA5WN0uJaZNvhFCO3ajN87AJVX1GMfGwSm0OwZM8nlAro6G+pf0ZSrNrcdVQPwfnOcNyA2VJqPro+2bOms/oBFYQMDHOS5QRdLNpkVEm+Dg5xI5NY1ZVQgK6mYGLIIMVGl9i8ipXUYfy3cgWKEjh1KHL/ROkL3xVkHeiiYWh7E4a321gJEfDgQ5VjUOciW7AO2lWvg5xN5Sw05dzH3j9AHqUNFKEoaB3pmdx/pJz2Qz+yewaLBntLZBCyZIdrSDCAryADXQM7SZbsitOla22Y2flaCae8kD6t59jsJvbW8FvVcCpQNLL1zHRX26iar35c5SYW7yoT1c9pWG6KyuQSHz1DWAxoDpg+a68S2yG2sXsL/TmIfSwDbwHi9o2sYUeSTDTRLcWezJh0=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV8PR01MB8677.prod.exchangelabs.com;PTR:;CAT:NONE;SFS:(13230040)(4022899009)(366016)(1800799024)(376014)(38070700018)(13003099007)(8096899003)(7053199007);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: /+++Q1PKxuKHurZTyOrvNt4BOBbAWEyttk1r6z9gcC/M2QqgabrTqVXkLKn3odTuBNeKPINftaC1x5XAIiGMamslApT65ro3jlBpWXiNj98NEYZfJ0CO/giAhPgun2wWpqY8qD0BB1kHurWNlGiQ7ETHQ+kXIQwoIExpAWUg0vVbpmtmFGO9dsrizDSqipcMQ011O80aQ4n3x2OIkS6sW09BUAzzLTJq3G+4Q8zolOq328+1DE7NgwtfVA9pq6zrrWCX0qEBEwqnnd2YiWUpfJslpu+/QTDvPwxOrorid1C4qqFZq9vVxeYYY6SDUUuURABpDMS3YgyrCdTvJ0TKTvGUXqzq+PG9s5KWQ41HCBwOS0ltU0BpKhS5E+H+KfYpeqgZbkuMp8QC8ywm67ks/PhGwwevVIC2PwNYsJorpK6YKlOt6i/pOb55E1AtXSUlInj5hVyT43nm+QwHkRumzGDWE1q2HOJMlwtF1JC/WNp5BgXjXPe1bFG9xCibaokjicZXYUGrnWPeNg2WBLeBFLKirSRLqNcPrXQtHzYgk2elKUewmn56Yz/s28J6P1kDREpKXgZ/AqFLnWvLkTVsYESUZXZKPBWH5VVGr2EiDQ1DcQfWTNEgF+Bw2QD28EOC+ZTYcAipnNOfwIcfi9DMP7in+3rEUApqQihzOdanRQg7Xs2s79xAesnqruQlD0QtYD7p3e4Q5Da79Zy6XJC0TzUdRY5DHBWAxl4qfeTam3DJdEWKGvb672SPlp7u+X/QMFo30c9jl8cGXUR6zdGOMh71usHQRIuc90+ggZOrVreXxI7FKOfd5mCcrn4QS7oJTIz80odTslCOndQObtkYCq+kyddXi0ZSW1n/EyF5TgLztXGg51ZobQrmkXwAqpkxrvFWS1IWktdCNoi5vzwp1g9bqYrm+T1G5UrZtNNMU/2y7Po7nURp45Yknb7jCNjmo4z6+S1WW/fHAXA9j1bmHpHwzBbJezNcysaXeGGNXzvBoI3+vMI2DK412Iygn/6aW74314f/0BdEIpCeT0zTNhhTYP1JXQ6Yafonl6Bpecpn5Exx70+SoMP/kgvHQp3QQHqxvCU/un6CWBkYvRO1v6guGyYkrGnyR2BMrgCZLlnFqiuxMf9AdC5EOkwepe4Pa297mG1dEjB22FvYKAu7H6RZ2nQOty/XDyRn+kxMiySmqXAL9SDMe6dkGooWBrBS2+HSl0mTNQjn3HZ8F/ix+vVgP1F8gDOCStPxYZM76OfMQgrXBnZc9bZjAMElE4WZWBevJIlEaVN42al8JtD6wFEnl4tj9Tr4qxCufzR1VT9llfmNQ2WDQgw8cQH62CruyBNEORVAuWgcLuWEFFLe9LL1HOU9+MumXBN3tSLU3+RazoE5AZFmZksDWvht26w96aQJl/OEwNlWxH37Qs+kv/wvmssMLVtHVfRKCiGVxuYEDcAj1SX6wzBai5KbmdLudn6OUGMcfVtnamAi8ZgRBRt+DZ7rbDzvmN3pKo2pVyQsuUab2/JmPswQ4HxWtEgmgxLmU3/4WRMdk7PhOntz7rkWpVLxFWn01nRS6/7L7J4=
Content-Type: multipart/alternative; boundary="_000_LV8PR01MB867787802DDF43BE68B62D94BD76ALV8PR01MB8677prod_"
MIME-Version: 1.0
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LV8PR01MB8677.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3d488244-2205-43c4-ec82-08ddab358cc6
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jun 2025 11:21:03.9816 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: x1m2pY+yHHdWFSmA+yLtUiqV4EBzJqNS/JiDqalFNdUNs5Ig68pk1eZTkjnZ6K3p
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA3PR01MB8695
Message-ID-Hash: KXSA3NSRS3TN4367ZKFO54FUD2TQT7JE
X-Message-ID-Hash: KXSA3NSRS3TN4367ZKFO54FUD2TQT7JE
X-MailFrom: jricher@mit.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Jeffrey S Walden <jwalden@mit.edu>, "n-sakimura@nri.co.jp" <n-sakimura@nri.co.jp>, "naa@google.com" <naa@google.com>, "oauth@ietf.org" <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: [Editorial Errata Reported] RFC7636 (8458)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/e6SFmzY39TTdmj1goBpRkDWiSHs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
A minor correction to my email: on this report, the parameter in question is "code challenge" and not "code_verifier" but the rest of the reply stands. Copy-paste error on my part, as both errata reports have the same problem. - Justin ________________________________ From: Justin Richer <jricher@mit.edu> Sent: Saturday, June 14, 2025 7:18 AM To: RFC Errata System <rfc-editor@rfc-editor.org> Cc: Jeffrey S Walden <jwalden@mit.edu>; n-sakimura@nri.co.jp <n-sakimura@nri.co.jp>; naa@google.com <naa@google.com>; oauth@ietf.org <oauth@ietf.org> Subject: Re: [OAUTH-WG] [Editorial Errata Reported] RFC7636 (8458) This is not an error and the errata should be rejected. As per the ABNF definition in https://www.rfc-editor.org/rfc/rfc5234.html#section-21<https://www.rfc-editor.org/rfc/rfc5234.html#section-2.1> the name contains "alphabetics, digits, and hyphens (dashes)", and not underscores. I believe the commenter is expecting the ABNF rule name of code-verifier to match the parameter name of code_verifier, but they do not need to be the same. While this is confusing, the text is correct as it stands. - Justin ________________________________ From: RFC Errata System <rfc-editor@rfc-editor.org> Sent: Friday, June 13, 2025 6:12 AM To: rfc-editor@rfc-editor.org <rfc-editor@rfc-editor.org> Cc: Jeffrey S Walden <jwalden@mit.edu>; n-sakimura@nri.co.jp <n-sakimura@nri.co.jp>; naa@google.com <naa@google.com>; oauth@ietf.org <oauth@ietf.org> Subject: [OAUTH-WG] [Editorial Errata Reported] RFC7636 (8458) The following errata report has been submitted for RFC7636, "Proof Key for Code Exchange by OAuth Public Clients". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid8458 -------------------------------------- Type: Editorial Reported by: Jeff Walden <jwalden@mit.edu> Section: 4.2 Original Text ------------- code-challenge = 43*128unreserved Corrected Text -------------- code_challenge = 43*128unreserved Notes ----- The ABNF accidentally uses a hyphen/dash rather than an underscore in the code_challenge name in its rule. Instructions: ------------- This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary. -------------------------------------- RFC7636 (draft-ietf-oauth-spop-15) -------------------------------------- Title : Proof Key for Code Exchange by OAuth Public Clients Publication Date : September 2015 Author(s) : N. Sakimura, Ed., J. Bradley, N. Agarwal Category : PROPOSED STANDARD Source : Web Authorization Protocol Stream : IETF Verifying Party : IESG _______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-leave@ietf.org
- [OAUTH-WG] [Editorial Errata Reported] RFC7636 (8… RFC Errata System
- [OAUTH-WG] Re: [Editorial Errata Reported] RFC763… Justin Richer
- [OAUTH-WG] Re: [Editorial Errata Reported] RFC763… Justin Richer
- [OAUTH-WG] Re: [Editorial Errata Reported] RFC763… Madison Church