IETF Last Call Review of draft-ietf-oauth-rfc7523bis-07
review-ietf-oauth-rfc7523bis-07-secdir-lc-salz-2026-04-10-00
| Request | Review of | draft-ietf-oauth-rfc7523bis |
|---|---|---|
| Requested revision | No specific revision (document currently at 11) | |
| Type | IETF Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2026-04-10 | |
| Requested | 2026-03-27 | |
| Authors | Michael B. Jones, Brian Campbell, Chuck Mortimore, Filip Skokan | |
| I-D last updated | 2026-06-02 (Latest revision 2026-04-28) | |
| Completed reviews | Artart IETF Last Call review of -07 by Jim Fenton; Genart IETF Last Call review of -07 by Meral Shirazipour; Opsdir IETF Last Call review of -07 by Luigi Iannone; Secdir IETF Last Call review of -07 by Rich Salz | |
| Assignment | Reviewer | Rich Salz |
| State | Completed | |
| Request | IETF Last Call review on draft-ietf-oauth-rfc7523bis by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/UMKIm1asxbfF6RARUINoZWUoxUA | |
| Reviewed revision | 07 (document currently at 11) | |
| Result | Has issues | |
| Completed | 2026-04-10 |
This is the Security Directorate review for draft-ietf-oauth-rfc7523bis. The authors know what this kind of thing is. The Security ADs should treat this as any other last-call comments.

Not surprisingly, I found the document pretty clear. I had to read a bunch of OAUTH RFCs to catch the context, as I'm mostly ignorant about it.

The only issue I found was that there is no discussion of backward compatibility other than Section 3, where it's kinda weakly stated. The identifier isn't changing, so at least a statement that it is backward compatible would be helpful, I think.