Re: [OAUTH-WG] Barry Leiba's No Objection on draft-ietf-oauth-introspection-09: (with COMMENT)

Barry Leiba <> Mon, 08 June 2015 15:40 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 07ED51B2F75; Mon, 8 Jun 2015 08:40:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.621
X-Spam-Status: No, score=0.621 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id GaPd0bTe1ODb; Mon, 8 Jun 2015 08:40:45 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B0DEB1B2F44; Mon, 8 Jun 2015 08:40:19 -0700 (PDT)
Received: by igbpi8 with SMTP id pi8so64597404igb.1; Mon, 08 Jun 2015 08:40:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=8AN1xD3f7GfYmx3BA99Niw6jBMYWHRM8H1E+hXiR8Qk=; b=sYdGcTMvkzHsJUly+Aw1EmU1NVFN8bgpEPthQ9b7iDCsO+iabQRD3oZOsN6IvJO1O4 rIVNGAWV5rRCLLKNEHkxyy7/mqeVCa4aHf4f+3jucVn650F/MTgpkxuFToOl5/6fUk1t nu0zTeAN5AvnPbu7k6wcXvBSOEFpVQNOk9DEJvKjVkdqIljdRNC6e64X4nHXByb3w2Qf DWcUoFX0F1kNMDMJNDakeDnK8MKps+ZS/h4wIL9foSpx47S4e8N+PRjlMrQF+DSKDBBE /CjmFi9sTs2GZaYM98qU9F9XQ2uXAPgFBnfLVn2jz+MMYRAgDdwOVSMVAqXRBp4Mp4Ce /B9A==
MIME-Version: 1.0
X-Received: by with SMTP id i2mr14375712igi.40.1433778019116; Mon, 08 Jun 2015 08:40:19 -0700 (PDT)
Received: by with HTTP; Mon, 8 Jun 2015 08:40:19 -0700 (PDT)
In-Reply-To: <>
References: <> <>
Date: Mon, 08 Jun 2015 11:40:19 -0400
X-Google-Sender-Auth: SBeF-6-GRI8PbOT0JspvV1MHLWo
Message-ID: <>
From: Barry Leiba <>
To: Kathleen Moriarty <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Cc:,,,, The IESG <>, "" <>
Subject: Re: [OAUTH-WG] Barry Leiba's No Objection on draft-ietf-oauth-introspection-09: (with COMMENT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 08 Jun 2015 15:40:50 -0000

>> -- Section 3.1 --
>> I'd REALLY like to see us stop trying to tell IANA how to handle review
>> by designated experts.  This should be re-cast as instructions to the DE
>> (to make sure that the mailing list is consulted), and IANA should be
>> left to handle the expert review with their existing process, which works
>> fine.
> OAuth and JOSE have been using mailing lists where several DEs are on the
> list and others can join.  These lists are separate from the WG mailing
> list.  DEs are names with IANA, but the spec review happens on that list,
> which is open.  This practice pre-date me as an AD.  I don't see what's
> wrong with it as it separates out the requests from the WG mailing list, but
> is still open and transparent.  Changing it now would alter how this spec
> works and would make it different from the other OAuth specs, which could be
> confusing.

I'm not objecting to the mailing list.  I'm objecting to telling IANA
how to integrate the mailing list into its procedure, which is
different from what its procedure is.  IANA initiates expert review
when it receives a request, contacting the DE and tracking the
process.  This tells IANA to send people directly to the mailing list,
and only to deal with requests from the DE.

The fact that requests need to be discussed on the mailing list is
something that the DE should be dealing with as part of her review,
and that takes us out of the business of telling IANA how to initiate
and track expert review, and making Oauth reviews different from those
for other protocols.