There was a previous discussion
(http://www.ietf.org/mail-archive/web/oauth/current/msg12860.html and other
messages in the thread) about lengths where the general consensus seemed to
be that the length restriction should be on both the code_verifier and the
code_challenge parameter values.  And also discussed in terms of octets
rather than bytes. Those minor changes should be made as part of the WGLC
process.




On Wed, Aug 27, 2014 at 10:40 AM, John Bradley <ve7...@ve7jtb.com> wrote:

> OK that explains it.
>
> You are basically giving the authors and reviewers a hurry up as it is
> security related.
>
> Nat and I will give it a higher priority then.
>
> Nat and I would like feedback on it quickly then.
>
> As you point out it is not a complex extension and has been deployed in a
> number of cases.
>
> As long as we are clear that the authors aren’t trying to slip something
> through. (In this case:)
>
> John B.
>
> On Aug 27, 2014, at 11:45 AM, Hannes Tschofenig <hannes.tschofe...@gmx.net>
> wrote:
>
> > Based on the reaction from a few I thought I should add a few words
> > about this working group last call.
> >
> > There is no requirement to wait a specific timeframe after a document
> > became a WG item to issue a working group last call.
> >
> > In this specific case, the document was around for a while and I didn't
> > see a reason for not-finishing it as soon as possible.
> >
> > Additionally, since the document deals with a security vulnerability
> > that is being exploited today I thought it might make sense to get the
> > attention from the group to review it.
> >
> > Finally, it is also a fairly "simple" document (if there is something as
> > simple in this working group).
> >
> > Ciao
> > Hannes
> >
> > On 08/26/2014 09:32 PM, Hannes Tschofenig wrote:
> >> Hi all,
> >>
> >> This is a Last Call for comments on the "Symmetric Proof of Possession
> >> for the OAuth Authorization Code Grant" specification.
> >>
> >> The document can be found here:
> >> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
> >>
> >> Please have your comments in no later than September 9th.
> >>
> >> Ciao
> >> Hannes & Derek
> >>
> >>
> >>
> >> _______________________________________________
> >> OAuth mailing list
> >> OAuth@ietf.org
> >> https://www.ietf.org/mailman/listinfo/oauth
> >>