Last Call Review of draft-ietf-oauth-v2-bearer-
review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17-00
| Request | Review of | draft-ietf-oauth-v2-bearer |
|---|---|---|
| Requested revision | No specific revision (document currently at 23) | |
| Type | Last Call Review | |
| Team | General Area Review Team (Gen-ART) (genart) | |
| Deadline | 2012-06-27 | |
| Requested | 2012-04-12 | |
| Authors | Michael Jones , Dick Hardt | |
| Draft last updated | 2012-07-17 | |
| Completed reviews |
Genart Last Call review of -??
by
Alexey Melnikov
Genart Telechat review of -?? by Alexey Melnikov Genart Last Call review of -?? by Alexey Melnikov |
|
| Assignment | Reviewer | Alexey Melnikov |
| State | Completed | |
| Review |
review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17
|
|
| Completed | 2012-07-17 |
review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17-00
I am still Ok with -22, but I have 1 new comment raised by introduction of the base64 ABNF non terminal: I think it would be worth adding a comment for b64token that points to the base64 RFC. The current ABNF is too permissive (arbitrary number of "=" allowed at the end) and there are enough broken base64 parsers around (parsers that ignore everything after a "=", parsers that support arbitrary number of "=" at the end, etc.), so we shouldn't encourage creation of new ones.