Re: [OAUTH-WG] Éric Vyncke's No Objection on draft-ietf-oauth-jwsreq-32: (with COMMENT)

Mike Jones <Michael.Jones@microsoft.com> Thu, 08 April 2021 04:44 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5F693A38F1; Wed, 7 Apr 2021 21:44:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KULKGF477ksJ; Wed, 7 Apr 2021 21:44:37 -0700 (PDT)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-eopbgr640097.outbound.protection.outlook.com [40.107.64.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16E663A38F9; Wed, 7 Apr 2021 21:44:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LldVwI6kNBmUdfN7zr6mpvtue3pD0nhzxdEQmSZkinyLqVLMyJDHDqdqr76ADHzw+ANwZB3nwQh7TF5LU6tdLyCYBMTBIp0T7uSx5SppT33+jpiFd0kCTl8qqeKhuBlrDBK75nzWnwSbRKsI3wBtByXjKjqawY4egbpF+B8eUhynvre1NX5H7QGjGpf4cQz8M7GV4u4KKWMC9OZU/zy+XMXfkSvF6JEO0SF8Yq3jqNsunKOp/AoUu8kEG8aEJRDYTfk9ZtwBk5giPy5SBTDTHkP7M5Tthw5QbcBamz3ZNgdGRqmvzBcZwwl45zpIqLBiMS4UfEl5banf/xLv/EqQ0w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=B/grCNfGJW6FkRY/r8kt4R0I2yZspFVkaxL3swrTrVs=; b=dkICRC1c7ZRPQ/O48eCVWrkV0fEWEU3MmqjCgyfIBFGsXwzParNbmI0LbWqF1TdzsIV+1w2UuvluPWo/EDmMebGkVCLugEeULK+4OB7LyEInwRkKlhmNhcgz2iPo3lkHuDIx2MOf474F0eQupb+DpjQScP+4OsHPbKO9MsH7porjPPWfix9ZMh8ak6j7JSU8R+ocgJPlc+/Mb2FSW8ZpLamw4oi2iv7NRqNnUOzrpKAV2v5WRfXoUwX9EBH8xWxpIUNsBniDJl7cj6rpasZ8xwUfN5SCiuHMW/07aacjncwKwG+NxlpZ0djsjYQIQ846zHLXuwOTToczaPLf4v0cVg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=B/grCNfGJW6FkRY/r8kt4R0I2yZspFVkaxL3swrTrVs=; b=KSntSwDUjkf8wj01WmdkeeO8zIaK9xJT3PWWnunJ/0yoO+9KqKrEBZ2hV6tfr/kKGai1N6GqTASgg7V3Ebr//iGGZAWEHwXritXqqj0wZtBeBhIDwiiwdbSVAcWEHd314hUEbEdeuCAlWwVBdt3K/RcOoY6tKxmqIdPmbw/N7ZA=
Received: from DM5PR00MB0421.namprd00.prod.outlook.com (2603:10b6:4:a0::33) by DM6PR00MB0751.namprd00.prod.outlook.com (2603:10b6:5:1be::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4056.0; Thu, 8 Apr 2021 04:44:30 +0000
Received: from DM5PR00MB0421.namprd00.prod.outlook.com ([fe80::e553:4e87:8c7e:63d5]) by DM5PR00MB0421.namprd00.prod.outlook.com ([fe80::e553:4e87:8c7e:63d5%7]) with mapi id 15.20.4056.000; Thu, 8 Apr 2021 04:44:30 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "evyncke@cisco.com" <evyncke@cisco.com>, "iesg@ietf.org" <iesg@ietf.org>
CC: "draft-ietf-oauth-jwsreq@ietf.org" <draft-ietf-oauth-jwsreq@ietf.org>, "oauth-chairs@ietf.org" <oauth-chairs@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, "Hannes.Tschofenig@gmx.net" <Hannes.Tschofenig@gmx.net>
Thread-Topic: =?utf-8?B?w4lyaWMgVnluY2tlJ3MgTm8gT2JqZWN0aW9uIG9uIGRyYWZ0LWlldGYtb2F1?= =?utf-8?Q?th-jwsreq-32:_(with_COMMENT)?=
Thread-Index: AdcsMdpvP7kT4KrMSkq32B7JGYoiNA==
Date: Thu, 8 Apr 2021 04:44:30 +0000
Message-ID: <DM5PR00MB04215EABD6446DAD1763B945F5749@DM5PR00MB0421.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2021-04-08T02:15:00Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=5dcb7e2a-8e5e-4a55-b62f-ff9be88fc627; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0
authentication-results: cisco.com; dkim=none (message not signed) header.d=none;cisco.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [172.56.42.184]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2e5695c9-5302-4b30-92f9-08d8fa48ff94
x-ms-traffictypediagnostic: DM6PR00MB0751:
x-microsoft-antispam-prvs: <DM6PR00MB0751A92EAE7F45FECE1670B3F5749@DM6PR00MB0751.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: NM0I3qn1+OlH24dw897DPQpfKRhx1EVCnmc21f2b5IW9a994uZgRcAXXM/Zm9RDMFiUU2DQR/MmfLcjYJ61pXOXv5WNJl0gngIfzzkFUlnWO+AKsDBynav1yJhJFgURyrDQZ/QMzQiYg5Ebdh/fUvOtZrt+AJMnzecZ5QyfYn0QT1qq+Nq01wd5tUOw7j3icUWQswrPq71Qdg7RGknxOCNsAMLM4e4yZjHGHv2yPgVW7fC6PTyw4LtfQVtYrA4pawjqhSKm5O4f0vtMq+hMJ50IiFXuxTN1+msuZNNo02TC81+NXKpg5EI2HkYyCN6f306lVPHdndYReOUgaE+UXEQtHjVEJFbsmUYAbpX0JAT0CwJbjG4W9xzclF/juXOTgAporxxRWLdYS9BZqEqW6YGGpLHJjcco839CfiJKytSbyqqcmEFzJXYxFA0QghjgEX1yqX04YlBRdap0bXi41ycQK+HmqbCIyXF/C6nZH8ru4IXhH+8jvzA894iakrDfpOabYxyAOulOj4wxh/KT3LHOCaGz9sE/4VUHvwF1F/2vRm+8u7mAPyiIGrdP21cm+V0qp1+UH4F/xzEkg87Qst4pfYMotisw69LaXf99vVQgv6/yEp9GWi2MrZnJmKLM/w60Re3v9WOW04/8bAhdSiHEubzekfr0uGbBKrHyxv1wfyMNLIiX3PDrniL9RYSSHUfaYzOkFRXD5DfQChwOEBwZWdd09JE5wY8xk/BL6sZQ=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM5PR00MB0421.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(8936002)(2906002)(86362001)(26005)(5660300002)(55016002)(71200400001)(186003)(52536014)(478600001)(83380400001)(54906003)(8990500004)(110136005)(33656002)(966005)(7696005)(10290500003)(4326008)(66476007)(9686003)(66946007)(6506007)(316002)(82950400001)(224303003)(38100700001)(76116006)(66556008)(82960400001)(64756008)(66446008)(53546011); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?utf-8?B?MS9tUGdjUXFPKzhjQmJVWVdZRWFCUW01TGdjSmpTY0JQTTl2UDBtK0pOci9J?= =?utf-8?B?YWZnRVMxRjZsbUI0WkZUUWFON1VSV05lRENManFVV0VYdWJlaHppcGViMHU0?= =?utf-8?B?bm41MHFFTVV5L1dPT0Urci8ySFYzS2JnTlJGTjNDVlRla1hBZ21aVEVpY09z?= =?utf-8?B?Vit2TDF6WXIvZWFIR3pmZUlJUVFUei9OWmFWWVNtaXdmZUc4UTVTd0Jkemww?= =?utf-8?B?RVZOMmJhd2dhZU1veGNENjdyS3JoVnZzckR5U2xDTkl0RmhpR25jMnRsdXMv?= =?utf-8?B?L2ptSzRNbFpDbGFYbHRmNzJDY1pXL2k5S1ZxT2FLblRiVjI4b1RQSXVKSmxD?= =?utf-8?B?c3FNcWRtbGIzS3lHbmIwT1UxSWoxZy90bWZWMG9Ld3JxaU5CNDUzd0NnN1NR?= =?utf-8?B?blNSelhldERaUWc5UTVzYkxKcVRUL2c2RkJzTjE5K0FGZDg4MHZWNDdyaFZP?= =?utf-8?B?V0VWbEllWXUydXUyTnU3V1ZnL256dFExbHkzRFk2c3VvS1pWTjVPQzVpNUNU?= =?utf-8?B?ZXNuU2pYMnRaeTlQakVlc0YxWkZ4YTBYR0VHdDBOa3R5b21VOEJhVWdSZ1Ur?= =?utf-8?B?NXA1Q3Zvd3BYaFNLbVJQVlN4SXpJTFhlOHMyQzFLRWxGVmlkeStFc3FIaGti?= =?utf-8?B?bjYxVExOZTNwRmRRYWJ6amkxTHQrNVVGazk4L0RVL1l6V1NjU2crelZBOEx2?= =?utf-8?B?bWNrWW1BRjhVSmZmY3pjQVd0WjRRU2VkQnUwSEwyc1VEdHZEQ1NBTnZVeENh?= =?utf-8?B?Y0xYaEczZUFCL3k4VDBIVkRRNlB3ZW91VVNqOFovaU1QYnF1SUxnK3hPOGxj?= =?utf-8?B?YVRLQU5wZ1dneGsydzNJMWt2VEtPa3BkSm5TNWd0dkdVV0ZTOVJTYVpnb3J6?= =?utf-8?B?VXA4ZXh0MlJZTTROcjN5aTZFamNJNHN0Nkp0SjNYeGlJdTZHMDhUNWFZSGcz?= =?utf-8?B?SHQxdFdrQ1dlMmdudk9MTFllU0lxNTU4YUNBc3lhaXVNWlByV1ZTdzRObnZ0?= =?utf-8?B?aFlVd0Y3eHBmaW5rZU9kZUpVMnRhZDcraGNFUzRWaCt6NUkweWJPNys5TUQ0?= =?utf-8?B?NExrSHVTOFlJVTFldzU3U2NWRit4eDdqN3ZaS0pPaDNEWEdZam9adm03R0xE?= =?utf-8?B?UlpQd0NhSlRzVTZuMjRSdmNGNUtXcTBTU1ZuZGkwU2EzQXZMZitOeTV1MVVH?= =?utf-8?B?VGhWdGtGQ0RkUjQzUVRHcUlvV05BTjdHd2pDZEVBZENaMFhJNVFVd1hyRWto?= =?utf-8?B?OXVoclB6VXVuRHJTQkptdUJuaStSVk5IbkpyWGdqZFluUjdFWUxlTEZUSWpl?= =?utf-8?B?V282a1g5V1BGMTYxaGNxTmlEUE9iaXZ5am9vOUlhRTloS1I1eUh6R0xaaG1a?= =?utf-8?B?ZlhvWk9rNEd4WnNESFlmcjZoYTVTRVhkME9GWHVDUDBYRGROY1lWZVFWNVhs?= =?utf-8?B?UVp6aXhpeVd4RmRJUjU0S2svQTNlL1JMazRDdHZ1Nzh5WFdkdGdscmFKRmtH?= =?utf-8?B?b1dIYW9CM3ozOUZmZjJEcWxrNlA2VDFmTXZSVVU5c0N6c2NCc084N3B0YTY3?= =?utf-8?B?eW43M3pLamkrZldXL2JsdGl6Tkl4dlFKQ1ltd25nSmNBNnlTSzJnYUdCcEw1?= =?utf-8?B?L2VxRHFkUHRRRmxtRm9lMVNQV1k1TXJ3MDRxdTVXRzBvaTA1R2tVRTk2M25D?= =?utf-8?B?UVlQOHFQa2lhbmpoeWE3LzZ2K1JjZFZMWm1Wck8wZ2tPNG9pWWRSd1N1Z1l6?= =?utf-8?Q?WPfq5DRW2yutLzj6hIHc9utECutv9UhhdQwA2j1?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM5PR00MB0421.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2e5695c9-5302-4b30-92f9-08d8fa48ff94
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2021 04:44:30.4202 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: qInoym1N3NQ8JjNu5s1dmwJ8SOEImmld41n/ZpuhR9fD0TY2wSr0rJ8RKozoSIMIHSmHsSmDNqWSUaJVBIv7og==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR00MB0751
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/rp_0Y3KrnqRwLU_bp2F3ksNAHLE>
Subject: Re: [OAUTH-WG] =?utf-8?q?=C3=89ric_Vyncke=27s_No_Objection_on_draft-?= =?utf-8?q?ietf-oauth-jwsreq-32=3A_=28with_COMMENT=29?=
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2021 04:44:47 -0000

Thanks for your review, Éric.  We've published https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-33 to address your and other IESG comments.

Responses are inline below, prefixed by "Mike>".

-----Original Message-----
From: Éric Vyncke via Datatracker <noreply@ietf.org> 
Sent: Tuesday, April 6, 2021 7:49 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-oauth-jwsreq@ietf.org; oauth-chairs@ietf.org; oauth@ietf.org; Hannes.Tschofenig@gmx.net
Subject: Éric Vyncke's No Objection on draft-ietf-oauth-jwsreq-32: (with COMMENT)

Éric Vyncke has entered the following ballot position for
draft-ietf-oauth-jwsreq-32: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for the work put into this document. Not too many differences since my review on the -26 (hence I reviewed mainly the diff).

Please find below some non-blocking COMMENT points (but replies would be appreciated).

I hope that this helps to improve the document,

Regards,

-éric

== COMMENTS ==

-- Section 1 --
Is it normal that the abstract has a) and b) while the introduction has a), b), and c) ?

Mike> Thanks for the catch.  We've added (c) to the abstract.

-- Section 5.2 --
I see that "Many phones in the market as of this writing" is still in the text... Does this assertion still hold in 2021 ? Is it backed by some references ?

Mike> I'm not sure the degree to which this is still true.  Also referring to this rationale, Lars Eggert suggested that we change the "MUST NOT exceed 512 characters" to "SHOULD NOT exceed 512 characters".  We have addressed this in the manner suggested by Lars.

				Thanks again,
				-- Mike