[Last-Call] Re: Secdir last call review of draft-ietf-oauth-security-topics-26

Thanks for addressing my review comments in -27.  We can now change my review status from “Has Issues” to “Ready”.

 

Other SecDir people – how do I change the status of the review in the datatracker?

 

The only remaining bug I found is typographical.  In 4.2.1, the underscore is missing from access_token in "(and potentially access token)".  This is true in both the .txt and .html renderings.

 

-- Mike

 

From: Daniel Fett <mail@xxxxxxxxxxxxx>
Sent: Monday, April 29, 2024 6:06 AM
To: Michael Jones <michael_b_jones@xxxxxxxxxxx>; secdir@xxxxxxxx
Cc: draft-ietf-oauth-security-topics.all@xxxxxxxx; last-call@xxxxxxxx; oauth@xxxxxxxx
Subject: Re: Secdir last call review of draft-ietf-oauth-security-topics-26

 

Thank you for your review, Mike!

I created a PR addressing your comments: https://github.com/oauthstuff/draft-ietf-oauth-security-topics/pull/91/files

Please let me know if this looks good to you; I'll then release a new version with these changes.

On 29.04.24 at 03:40, Michael Jones via Datatracker wrote:

> There’s a lot of duplicated text between 4.11.2. Authorization Server as Open
> Redirector and 4.17. Authorization Server Redirecting to Phishing Site.
> Consider refactoring to eliminate or reduce the duplication.

This was by mistake. Section 4.17 was supposed to be merged into 4.11.2 since it addresses the same attack. I removed 4.17 in the new version.

-Daniel
