Last Call Review of draft-ietf-oauth-v2-bearer-
review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17-00

Request Review of draft-ietf-oauth-v2-bearer
Requested rev. no specific revision (document currently at 23)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2012-06-27
Requested 2012-04-12
Other Reviews Genart Last Call review of - by Alexey Melnikov (diff)
Genart Telechat review of - by Alexey Melnikov (diff)
Review State Completed
Reviewer Alexey Melnikov
Review review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17
Posted at http://www.ietf.org/mail-archive/web/gen-art/current/msg07614.html
Draft last updated 2012-07-17
Review completed: 2012-07-17

Review
review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17

I am still Ok with -22, but I have 1 new comment raised by introduction 


of the base64 ABNF non terminal:






I think it would be worth adding a comment for b64token that points to 


the base64 RFC. The current ABNF is too permissive (arbitrary number of 


"=" allowed at the end) and there are enough broken base64 parsers 


around (parsers that ignore everything after a "=", parsers that support 


arbitrary number of "=" at the end, etc.), so we shouldn't encourage 


creation of new ones.