Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-09.txt

2015-02-05 Thread Bill Mills
Ah, BNF builtin parser error, that's 42*128.  I had parsed that as 128unreserved as the name. On Thursday, February 5, 2015 12:47 PM, John Bradley ve7...@ve7jtb.com wrote: We are discussing the minimum size,  the max is currently 128 characters. On Feb 5, 2015, at 5:11 PM, Bill

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-09.txt

2015-02-05 Thread John Bradley
Yes the current draft has 43 to 128 characters unreserved 43*128unreserved You can blame me for a lot of things but ABNF is not one of them:) John B. On Feb 5, 2015, at 5:54 PM, Bill Mills wmills_92...@yahoo.com wrote: Ah, BNF builtin parser error, that's 42*128. I had parsed that as

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-09.txt

2015-02-05 Thread Brian Campbell
To clarify what I said there: 22-chars (128 bits) seems like way more than enough for a lower limit when using the plain challenge method. When using the S256 challenge method, exactly 43 char (256 bits) should probably always be used. On Thu, Feb 5, 2015 at 11:09 AM, Brian Campbell

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-09.txt

2015-02-05 Thread John Bradley
Inline On Feb 4, 2015, at 10:43 PM, Manger, James james.h.man...@team.telstra.com wrote: Title : Proof Key for Code Exchange by OAuth Public Clients Filename: draft-ietf-oauth-spop-09.txt https://tools.ietf.org/html/draft-ietf-oauth-spop-09 Some nits on

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-09.txt

2015-02-05 Thread Brian Campbell
22-chars (128 bits) as a lower limit seems just fine for this case. ccm works for me but I don't feel strongly about it either way. On Thu, Feb 5, 2015 at 9:49 AM, John Bradley ve7...@ve7jtb.com wrote: Inline On Feb 4, 2015, at 10:43 PM, Manger, James james.h.man...@team.telstra.com

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-09.txt

2015-02-05 Thread Bill Mills
Is there a compelling reason to make that length fixed?   On Thursday, February 5, 2015 10:10 AM, Brian Campbell bcampb...@pingidentity.com wrote: 22-chars (128 bits) as a lower limit seems just fine for this case. ccm works for me but I don't feel strongly about it either way.

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-09.txt

2015-02-05 Thread John Bradley
We are discussing the minimum size, the max is currently 128 characters. On Feb 5, 2015, at 5:11 PM, Bill Mills wmills_92...@yahoo.com wrote: Is there a compelling reason to make that length fixed? On Thursday, February 5, 2015 10:10 AM, Brian Campbell bcampb...@pingidentity.com

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-09.txt

2015-02-04 Thread Manger, James
Title : Proof Key for Code Exchange by OAuth Public Clients Filename: draft-ietf-oauth-spop-09.txt https://tools.ietf.org/html/draft-ietf-oauth-spop-09 Some nits on this draft: 1. 42 chars. The lower limit of 42 chars for code_verifier: is not mentioned in prose

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-09.txt

2015-02-04 Thread Nat Sakimura
2015-02-05 10:43 GMT+09:00 Manger, James james.h.man...@team.telstra.com: Title : Proof Key for Code Exchange by OAuth Public Clients Filename: draft-ietf-oauth-spop-09.txt https://tools.ietf.org/html/draft-ietf-oauth-spop-09 Some nits on this draft: 1. 42