Re: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (7642)

Aaron Parecki <aaron@parecki.com> Sun, 17 September 2023 10:34 UTC

To: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: w.fast.8@gmail.com, oauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/fHjujIb1uJuM3kiUVEdY1J5YWPo>

I disagree with this errata. The original text is correctly representing
that the "photo-sharing service" trusts the authorization server. The
suggested text is ambiguous because it does not make clear which party is
trusting which other party.

Aaron

On Sun, Sep 17, 2023 at 11:00 AM RFC Errata System <rfc-editor@rfc-editor.org> wrote:

> The following errata report has been submitted for RFC6749,
> "The OAuth 2.0 Authorization Framework".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7642
>
> --------------------------------------
> Type: Editorial
> Reported by: Wilhelm Fast <w.fast.8@gmail.com>
>
> Section: 1
>
> Original Text
> -------------
>  Instead, she authenticates directly with a server trusted by the
> photo-sharing service (authorization server), which issues the printing
> service delegation-specific credentials (access token).
>
> Corrected Text
> --------------
> Instead, she directly authenticates with a trusted server, the
> authorization server, which issues delegation-specific credentials, known
> as access tokens, to the printing service for controlled and secure access.
>
> Notes
> -----
> The sentence is confusing, and the reader might confuse the Authorization
> Server with the Resource Server.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC6749 (draft-ietf-oauth-v2-31)
> --------------------------------------
> Title               : The OAuth 2.0 Authorization Framework
> Publication Date    : October 2012
> Author(s)           : D. Hardt, Ed.
> Category            : PROPOSED STANDARD
> Source              : Web Authorization Protocol
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG