[OAUTH-WG] [Technical Errata Reported] RFC8252 (8080)

RFC Errata System <rfc-editor@rfc-editor.org> Fri, 16 August 2024 23:58 UTC

To: rfc8252@wdenniss.com, rfc8252@ve7jtb.com, debcooley1@gmail.com, paul.wouters@aiven.io, hannes.tschofenig@arm.com, rifaat.s.ietf@gmail.com
CC: bryce.m.thomas@gmail.com, oauth@ietf.org, rfc-editor@rfc-editor.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/rwMPNgc1StVXTaW-iuTuk3flkco>

The following errata report has been submitted for RFC8252,
"OAuth 2.0 for Native Apps".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8080

--------------------------------------
Type: Technical
Reported by: Bryce Thomas <bryce.m.thomas@gmail.com>

Section: 6 and 7.1

Original Text
-------------
> Any redirect URI that allows
   the app to receive the URI and inspect its parameters is viable.

and

> When choosing a URI scheme to associate with the app, apps MUST use a
   URI scheme based on a domain name under their control, expressed in
   reverse order, as recommended by Section 3.8 of [RFC7595] for
   private-use URI schemes.

These two statements appear to conflict.

Corrected Text
--------------
> Any redirect URI that allows
   the app to receive the URI and inspect its parameters is viable.

and

> When choosing a URI scheme to associate with the app, apps SHOULD use a
   URI scheme based on a domain name under their control, expressed in
   reverse order, as recommended by Section 3.8 of [RFC7595] for

Notes
-----
Suggest downgrading the section 7.1 text from MUST to SHOULD to resolve the conflict.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it 
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8252 (draft-ietf-oauth-native-apps-12)
--------------------------------------
Title               : OAuth 2.0 for Native Apps
Publication Date    : October 2017
Author(s)           : W. Denniss, J. Bradley
Category            : BEST CURRENT PRACTICE
Source              : Web Authorization Protocol
Stream              : IETF
Verifying Party     : IESG
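
The following is an added example, not part of the errata report or of RFC 8252. It shows how a redirect URI check behaves under the published Section 7.1 wording (MUST) and under the wording the report proposes (SHOULD). The function names, the `level` parameter, the verdict strings and the sample domains and URIs are assumptions made for illustration.

```python
import re

# RFC 3986 scheme grammar: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def reversed_domain(domain):
    """'app.example.com' -> 'com.example.app' (lower-cased, trailing dot dropped)."""
    return ".".join(reversed(domain.lower().rstrip(".").split(".")))


def check_redirect_scheme(redirect_uri, controlled_domains, level="MUST"):
    """Hypothetical helper: level="MUST" applies the published Section 7.1 wording,
    level="SHOULD" the wording proposed in the erratum.
    Returns (verdict, reason); verdict is accept, warn, reject or not-applicable."""
    m = SCHEME_RE.match(redirect_uri)
    if not m:
        return ("reject", "no valid URI scheme")
    scheme = m.group(1).lower()  # URI schemes compare case-insensitively
    if scheme in ("http", "https"):
        return ("not-applicable", "not a private-use scheme")
    for domain in controlled_domains:
        base = reversed_domain(domain)
        # Assumption: a scheme for a subdomain of a controlled domain also counts
        # as "based on" it. The "." boundary stops com.examplefoo matching com.example.
        if scheme == base or scheme.startswith(base + "."):
            return ("accept", "scheme is the reverse-order form of " + domain)
    reason = "scheme '%s' is not based on a controlled domain" % scheme
    return ("reject" if level == "MUST" else "warn", reason)


# Constructed sample redirect URIs for an app that controls app.example.com.
SAMPLES = [
    "com.example.app:/oauth2redirect",
    "myapp://callback",
    "com.examplefoo.app:/cb",
    "https://app.example.com/cb",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        for level in ("MUST", "SHOULD"):
            verdict, reason = check_redirect_scheme(uri, ["app.example.com"], level)
            print("%-6s %-34s %-14s %s" % (level, uri, verdict, reason))
```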