Thanks for addressing my review comments in -27. We can now change my review
status from "Has Issues" to "Ready".
Other SecDir people - how do I change the status of the review in the
datatracker?
The only remaining bug I found is typographical. In 4.2.1, the underscore is
missing from access_token in "(and potentially access token)". This is true in
both the .txt and .html renderings.
-- Mike
From: Daniel Fett <m...@danielfett.de>
Sent: Monday, April 29, 2024 6:06 AM
To: Michael Jones <michael_b_jo...@hotmail.com>; sec...@ietf.org
Cc: draft-ietf-oauth-security-topics....@ietf.org; last-c...@ietf.org;
oauth@ietf.org
Subject: Re: Secdir last call review of draft-ietf-oauth-security-topics-26
Thank you for your review, Mike!
I created a PR addressing your comments:
https://github.com/oauthstuff/draft-ietf-oauth-security-topics/pull/91/files
Please let me know if this looks good to you, I'll then release a new version
with these changes.
Am 29.04.24 um 03:40 schrieb Michael Jones via Datatracker:
There's a lot of duplicated text between 4.11.2. Authorization Server as Open
Redirector and 4.17. Authorization Server Redirecting to Phishing Site.
Consider refactoring to eliminate or reduce the duplication.
This was by mistake. The section 4.17 was supposed to be merged into 4.11.2
since it addresses the same attack. I removed 4.17 in the new version.
-Daniel
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
