Re: [OAUTH-WG] [Gen-art] Genart last call review of draft-ietf-oauth-device-flow-10

Robert Sparks <rjsparks@nostrum.com> Fri, 20 July 2018 17:37 UTC

From: Robert Sparks <rjsparks@nostrum.com>
To: gen-art@ietf.org
Cc: draft-ietf-oauth-device-flow.all@ietf.org, ietf@ietf.org, oauth@ietf.org
References: <152873404689.2672.12557627140070509936@ietfa.amsl.com>
Message-ID: <c53a8e8f-7873-3c5a-aa6f-3e0a896c9a88@nostrum.com>
Date: Fri, 20 Jul 2018 13:37:15 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/xFhJ-B5jCpWe9rgjcHidfMUZNlk>

As far as I can tell, there has been no response to this. The document 
revision just updated a reference to reflect an RFC having been published.

Apologies if I missed a response.

RjS


On 6/11/18 12:20 PM, Robert Sparks wrote:
> Reviewer: Robert Sparks
> Review result: Ready with Nits
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
>
> For more information, please see the FAQ at
>
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>
> Document: draft-ietf-oauth-device-flow-10
> Reviewer: Robert Sparks
> Review Date: 2018-06-11
> IETF LC End Date: 2018-06-12
> IESG Telechat date: Not scheduled for a telechat
>
> Summary: Ready for publication as a Proposed Standard RFC, but with nits to
> consider
>
> Nits/editorial comments:
>
> In 3.5 "the client MUST use a reasonable default polling interval" is not
> testable. Who determines "reasonable"? At the very least, you should add some
> text about how to determine what "reasonable" is for a given device, and add
> some text that says don't poll faster than earlier responses limited you to.
> For example, if the response at step B in the introductory diagram had an
> explicit interval of 15, but a slow-down response to an E message didn't have
> an explicit interval, you don't want them to default to, say 5 seconds (because
> that's what the example in section 3.2 said, so it must be reasonable).
>
> In 3.3, you say the device_code MUST NOT be displayed or communicated. Is there
> a security property that's lost if there is? Or is this just saying "Don't
> waste space or the user's time"?
>
> The last paragraph of section 6.1 feels like a recipe for false positives, and
> for bug-entrenched code. Please reconsider it.
>
> You need line-folding in the example in section 3.2
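The polling discipline the review asks about in section 3.5 (honour the explicit interval from step B, and never fall back to a faster default when a later slow_down gives none) is easiest to see as client-side state. The following is an added example in Python; it is not code from the draft, the review, or any IETF project. It assumes the device authorization response fields and token-endpoint error codes of RFC 8628 (the published form of this draft), including the rule that slow_down adds 5 seconds to the current interval and that 5 seconds is the default only when the server never supplied one. An `interval` field on a slow_down error is not defined by the spec; treating it as a lower bound here is an assumption. The token-endpoint responses are scripted stand-ins for real HTTP POSTs, constructed for the example. The device_code stays inside the poller and is never part of anything shown to the user.

```python
from dataclasses import dataclass

DEFAULT_INTERVAL = 5       # RFC 8628 section 3.2: used only when 'interval' is absent
SLOW_DOWN_INCREMENT = 5    # RFC 8628 section 3.5: slow_down adds 5 seconds


@dataclass
class DevicePoller:
    """Client-side state for the device-flow token poll (steps B, E and F)."""
    device_code: str
    interval: int = DEFAULT_INTERVAL
    expires_in: int = 1800
    elapsed: int = 0

    @classmethod
    def from_device_authorization(cls, resp: dict) -> "DevicePoller":
        """Step B: keep device_code, expiry and any explicit interval.

        Only user_code and verification_uri are for display; device_code is
        the secret the client polls with and is deliberately not exposed.
        """
        interval = int(resp.get("interval", DEFAULT_INTERVAL))
        if interval < 1:
            raise ValueError("interval must be a positive number of seconds")
        return cls(device_code=resp["device_code"],
                   interval=interval,
                   expires_in=int(resp["expires_in"]))

    def handle_token_response(self, resp: dict) -> str:
        """Step F: classify one token-endpoint response, adjusting the interval.

        Returns 'token', 'pending' or 'stop'.
        """
        if "access_token" in resp:
            return "token"
        err = resp.get("error")
        if err == "authorization_pending":
            return "pending"
        if err == "slow_down":
            # Do not reset to DEFAULT_INTERVAL: the new interval is the
            # current one plus 5 s, or larger if the server says so. An
            # 'interval' on an error response is an assumption, not spec,
            # and is only ever allowed to slow the client down.
            explicit = int(resp.get("interval", 0))
            self.interval = max(self.interval + SLOW_DOWN_INCREMENT, explicit)
            return "pending"
        # access_denied, expired_token or anything unknown: stop polling
        return "stop"

    def run(self, token_responses):
        """Drive the loop against a scripted list of token-endpoint responses.

        Returns (outcome, waits), where waits is the delay the client chose
        before each poll. Time is simulated: no sleeping, no network.
        """
        waits = []
        for resp in token_responses:
            waits.append(self.interval)
            self.elapsed += self.interval
            # Give up once the device_code has expired instead of polling forever.
            if self.elapsed > self.expires_in:
                return "expired", waits
            outcome = self.handle_token_response(resp)
            if outcome != "pending":
                return outcome, waits
        return "pending", waits


if __name__ == "__main__":
    # Constructed step-B response: the server asked for 15 s between polls.
    authz = {"device_code": "GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS",
             "user_code": "WDJB-MJHT",
             "verification_uri": "https://example.com/device",
             "expires_in": 1800, "interval": 15}
    poller = DevicePoller.from_device_authorization(authz)
    print(poller.run([{"error": "authorization_pending"},
                      {"error": "slow_down"},          # no explicit interval
                      {"error": "authorization_pending"},
                      {"access_token": "2YotnFZFEjr1zCsicMWpAA",
                       "token_type": "Bearer"}]))
```

With the scripted sequence above the client waits 15, 15, 20, 20 seconds: the slow_down without an explicit interval raises the wait from the earlier explicit 15 to 20 rather than dropping to the 5-second default the reviewer warns about.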