Re: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (5708)
Justin Richer <jricher@mit.edu> Mon, 13 May 2019 18:06 UTC
From: Justin Richer <jricher@mit.edu>
To: RFC Errata System <rfc-editor@rfc-editor.org>
CC: "dick.hardt@gmail.com" <dick.hardt@gmail.com>, "rdd@cert.org" <rdd@cert.org>, Benjamin J Kaduk <kaduk@mit.edu>, "Hannes.Tschofenig@gmx.net" <Hannes.Tschofenig@gmx.net>, "rifaat.ietf@gmail.com" <rifaat.ietf@gmail.com>, "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/pBRsQeJ0wUtcAlhzGzfwzKQiwrY>
I see the intent of the change but I don’t think this is actually at the level of an erratum. This seems to be a normative change on a key extension point. Additionally, with the singleton nature imposed by the current text, there’s a 1:1 mapping between the request parameters and a JSON object, as would be found in a signed request object. Anything that changes that assumption should not be taken lightly.

 — Justin

On Apr 29, 2019, at 8:29 AM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:

The following errata report has been submitted for RFC6749,
"The OAuth 2.0 Authorization Framework".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5708

--------------------------------------
Type: Editorial
Reported by: Brian Campbell <bcampbell@pingidentity.com>

Section: 3.1 and 3.2

Original Text
-------------
Parameters sent without a value MUST be treated as if they were
omitted from the request. The authorization server MUST ignore
unrecognized request parameters. Request and response parameters
MUST NOT be included more than once.

Corrected Text
--------------
Parameters sent without a value MUST be treated as if they were
omitted from the request. The authorization server MUST ignore
unrecognized request parameters. Request and response parameters
defined by this specification MUST NOT be included more than once.

Notes
-----
Adds the text "defined by this specification" to the last sentence to clarify that the restriction only applies to parameters defined in RFC 6749 and not to unrecognized parameters or parameters defined by extension.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC6749 (draft-ietf-oauth-v2-31)
--------------------------------------
Title               : The OAuth 2.0 Authorization Framework
Publication Date    : October 2012
Author(s)           : D. Hardt, Ed.
Category            : PROPOSED STANDARD
Source              : Web Authorization Protocol
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
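The parameter rules quoted in the report, as an added example (not code from this thread or from any OAuth implementation): a parser that applies the original text in `strict` mode and the proposed wording otherwise, showing how the request stops mapping 1:1 onto a flat JSON object once repeats are allowed. The function names, the `resource` extension parameter and the sample query are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

# Request parameters RFC 6749 defines for the authorization endpoint (section 4.1.1).
RFC6749_AUTHZ_PARAMS = {"response_type", "client_id", "redirect_uri", "scope", "state"}

# Constructed sample: empty "state" plus a repeated extension parameter.
SAMPLE = ("response_type=code&client_id=example-client&state="
          "&resource=https%3A%2F%2Fa.example&resource=https%3A%2F%2Fb.example")


class DuplicateParameter(ValueError):
    """Raised with the name of a parameter that appears more than once."""


def parse_authz_query(query, strict=True):
    """Turn an authorization-request query string into a dict.

    strict=True  -> original text: no parameter may repeat, so every
                    value is a single string (flat JSON object shape).
    strict=False -> proposed wording: only parameters defined by
                    RFC 6749 may not repeat; a repeated extension
                    parameter is collected into a list.
    Unrecognized names are passed through for the caller to ignore.
    """
    params = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        if value == "":
            continue  # sent without a value: treated as omitted
        if name not in params:
            params[name] = value
        elif strict or name in RFC6749_AUTHZ_PARAMS:
            raise DuplicateParameter(name)
        else:
            prev = params[name]
            params[name] = prev + [value] if isinstance(prev, list) else [prev, value]
    return params


def rejected_parameter(query, strict=True):
    """Return the name of the parameter that invalidates the request, or None."""
    try:
        parse_authz_query(query, strict)
    except DuplicateParameter as exc:
        return exc.args[0]
    return None
```

In `strict` mode the returned dict can be serialized directly as a JSON object of string members; in the relaxed mode a consumer must also handle array values.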