Last Call Review of draft-ietf-oauth-v2-bearer-
review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17-00
Request | Review of | draft-ietf-oauth-v2-bearer |
---|---|---|
Requested revision | No specific revision (document currently at 23) | |
Type | Last Call Review | |
Team | General Area Review Team (Gen-ART) (genart) | |
Deadline | 2012-06-27 | |
Requested | 2012-04-12 | |
Authors | Michael B. Jones , Dick Hardt | |
I-D last updated | 2012-07-17 | |
Completed reviews |
Genart Last Call review of -??
by Alexey Melnikov
Genart Telechat review of -?? by Alexey Melnikov Genart Last Call review of -?? by Alexey Melnikov |
|
Assignment | Reviewer | Alexey Melnikov |
State | Completed | |
Request | Last Call review on draft-ietf-oauth-v2-bearer by General Area Review Team (Gen-ART) Assigned | |
Completed | 2012-07-17 |
review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17-00
I am still Ok with -22, but I have 1 new comment raised by introduction of the base64 ABNF non terminal: I think it would be worth adding a comment for b64token that points to the base64 RFC. The current ABNF is too permissive (arbitrary number of "=" allowed at the end) and there are enough broken base64 parsers around (parsers that ignore everything after a "=", parsers that support arbitrary number of "=" at the end, etc.), so we shouldn't encourage creation of new ones.