Last Call Review of draft-ietf-oauth-v2-bearer-
review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17-00

Request Review of draft-ietf-oauth-v2-bearer
Requested rev. no specific revision (document currently at 23)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2012-06-27
Requested 2012-04-12
Draft last updated 2012-07-17
Completed reviews Genart Last Call review of -?? by Alexey Melnikov
Genart Telechat review of -?? by Alexey Melnikov
Genart Last Call review of -?? by Alexey Melnikov
Assignment Reviewer Alexey Melnikov
State Completed
Review review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17
Review completed: 2012-07-17

Review
review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17

I am still Ok with -22, but I have 1 new comment raised by introduction 


of the base64 ABNF non terminal:






I think it would be worth adding a comment for b64token that points to 


the base64 RFC. The current ABNF is too permissive (arbitrary number of 


"=" allowed at the end) and there are enough broken base64 parsers 


around (parsers that ignore everything after a "=", parsers that support 


arbitrary number of "=" at the end, etc.), so we shouldn't encourage 


creation of new ones.