+1
=nat via iPhone
Aug 28, 2014 6:27、Brian Campbell のメッセージ:
> There was a previous discussion
> (http://www.ietf.org/mail-archive/web/oauth/current/msg12860.html and other
> messages in the thread) about lengths where the general consensus seemed to
> be that the length restriction should b
There was a previous discussion (
http://www.ietf.org/mail-archive/web/oauth/current/msg12860.html and other
messages in the thread) about lengths where the general consensus seemed to
be that the length restriction should be on both the code_verifier and the
code_challenge parameter values. And a
Not all of us look at individual drafts, and thus I have not previously read
this, but I did this morning and find that there are issues with the way the
"code challenge" is specified as this requires pre negation of what/how that
value was achieved and a large scale deployment that is almost im
OK that explains it.
You are basically giving the authors and reviewers a hurry up as it is security
related.
Nat and I will give it a higher priority then.
Nat and I would like feedback on it quickly then.
As you point out it is not a complex extension and has been deployed in a
number of c
Based on the reaction from a few I thought I should add a few words
about this working group last call.
There is no requirement to wait a specific timeframe after a document
became a WG item to issue a working group last call.
In this specific case, the document was around for a while and I didn'
