But, while it may be clear to you, what I'm saying here is that it's not
clear to a reader/implementer.
Somehow the conversion from a character string to an octet string needs to
be clearly and unambiguously stated. It doesn't have to be the text I
suggested but it's not sufficient as it is now.
Bradley
Sent: Friday, January 30, 2015 11:33 AM
To: Brian Campbell
Cc: oauth; Naveen Agarwal
Subject: Re: [OAUTH-WG] PKCE: SHA256(WAT?)
Have a look at the latest version. I added OCTETS(STRING) to show the
conversion. ASCII(STRING) seemed more confusing by drawing character encoding
back in.
I was tempted to call it an octet array without the terminating NULL of STRING
but didn’t want to introduce array.
Let me know what you
I do not think we need ASCII(). It is quite clear without it, I suppose.
In 4.1, I would rather do like:
code_verifier = high entropy cryptographic random
octet sequence using the url and filename safe Alphabet [A-Z] / [a-z]
/ [0-9] / - / _ from Sec 5 of RFC 4648 [RFC4648], with length
That's definitely an improvement (to me anyway).
Checking that the rest of the document uses those notations appropriately,
I think, yields a few other changes. And probably begs for the
"ASCII(STRING) denotes the octets of the ASCII representation of STRING"
notation/function, or something like
FYI, we are now tracking this issue at:
https://bitbucket.org/Nat/oauth-spop/issue/32/clean-up-definitions
2015-01-30 8:15 GMT+09:00 Brian Campbell bcampb...@pingidentity.com:
In §2 [1] we've got "SHA256(STRING) denotes a SHA2 256bit hash [RFC6234]
of STRING."
But, in the little cow town
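
The ambiguity this thread is about, as an added example (not code from the draft or from any poster): the same code_verifier hashed under three readings of SHA256(STRING) gives three different challenges, and a server that hashes the ASCII octets accepts only the first. The unpadded base64url step of PKCE's S256 method, the default length of 43 and all function names are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import secrets

# Alphabet quoted in the thread: [A-Z] / [a-z] / [0-9] / - / _
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"

def new_code_verifier(length=43):
    """Random verifier from the alphabet above (length is an assumption;
    the quoted text on the page is cut off before it states one)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def octets(string):
    """OCTETS(STRING) / ASCII(STRING): one octet per character, no terminating NUL."""
    return string.encode("ascii")  # raises UnicodeEncodeError on non-ASCII input

def utf16_octets(string):
    """Another plausible reading of 'hash of STRING' on a UTF-16 platform."""
    return string.encode("utf-16-le")

def nul_terminated_octets(string):
    """A C-style reading that hashes the terminating NUL as well."""
    return string.encode("ascii") + b"\x00"

def b64url(data):
    """base64url without '=' padding (assumed, as in PKCE's S256 method)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def s256_challenge(code_verifier, to_octets=octets):
    """Challenge = BASE64URL(SHA256(to_octets(code_verifier)))."""
    return b64url(hashlib.sha256(to_octets(code_verifier)).digest())

def server_accepts(code_verifier, stored_challenge):
    """Server side: recompute over the ASCII octets, compare in constant time."""
    return hmac.compare_digest(s256_challenge(code_verifier), stored_challenge)

if __name__ == "__main__":
    verifier = new_code_verifier()
    readings = [("ascii", octets), ("utf-16-le", utf16_octets),
                ("ascii+NUL", nul_terminated_octets)]
    for name, conv in readings:
        challenge = s256_challenge(verifier, conv)  # what a client would send
        verdict = "accepted" if server_accepts(verifier, challenge) else "REJECTED"
        print(f"{name:10} {challenge} {verdict}")
```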