Last Call Review of draft-ietf-oauth-v2-bearer-
|Requested rev.||no specific revision (document currently at 23)|
|Type||Last Call Review|
|Team||General Area Review Team (Gen-ART) (genart)|
Genart Last Call review of - by Alexey Melnikov (diff)
Genart Telechat review of - by Alexey Melnikov (diff)
|Draft last updated||2012-07-17|
I am still Ok with -22, but I have 1 new comment raised by introduction of the base64 ABNF non terminal: I think it would be worth adding a comment for b64token that points to the base64 RFC. The current ABNF is too permissive (arbitrary number of "=" allowed at the end) and there are enough broken base64 parsers around (parsers that ignore everything after a "=", parsers that support arbitrary number of "=" at the end, etc.), so we shouldn't encourage creation of new ones.