Thanks for your feedback, Patrick.
I forwarded your review comments to the IETF OAuth mailing list. Will
discuss it there.
-------- Original Message --------
Subject: Wording feedback in draft 3
Resent-To: [email protected], [email protected],
[email protected]
Date: Mon, 06 May 2013 16:49:41 -0700
From: Patrick Radtke <[email protected]>
To: [email protected]
I'm not sure how this is usually done, but here is some feedback on
wording that I found confusing. I didn't know where to look to determine
if this feedback has already been given.
128 Since a keyed message digest only provides integrity protection and
129 data-origin authentication confidentiality protection can only be
130 added by the usage of Transport Layer Security (TLS).
What is the 'since' implying? Usually 'since' would be used to imply an
action, but the rest of the sentence is just a statement. Maybe
"Transport Layer Security (TLS) MAY be used to provide data-origin
authentication confidentiality protection since a keyed message digest
only provides integrity protection"
323 The transport of the mac_key from the authorization server to the
324 resource server is accomplished by conveying the encrypting mac_key
325 inside the access token.
The phrase 'encrypting mac_key' is confusing, maybe because its a typo?
Is that suppose to be 'encrypted mac_key' or 'conveying the mac_key
inside the encrypted access token'?
591 the token). The content of the access token, in particular the
592 audience field and the scope, MUST be verified as described in
There is no reference after 'in'.
-Patrick
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
