RFC 5849, "The OAuth 1.0 Protocol", April 2010
Note: This RFC has been obsoleted by RFC 6749Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 2860
Status: Held for Document Update
Reported By: houtsnip
Date Reported: 2011-07-13
Held for Document Update by: Peter Saint-Andre
Section 188.8.131.52. says:
5. The request parameters as normalized in Section 184.108.40.206.2, after being encoded (Section 3.6).
It should say:
5. The request parameters as normalized in Section 220.127.116.11.2, and then encoded (Section 3.6). [or ...] 5. The normalized request parameter string (see Section 18.104.22.168.2), after being encoded.
It is not clear, from the way you write, whether you mean that the request parameters are first encoded, and then normalized, or the other way round.
When the sentence is read out of context, the meaning seems to be that the request parameters are first encoded, and then normalized, which is not what is actually meant. The real meaning can only be understood by looking at the sentence preceding the list: 'The signature base string is constructed by concatenating together, in order, the following HTTP request elements'. Then you understand that the request parameters are not *normalized* 'after being encoded', but are *concatenated* 'after being encoded'.
It was confusing enough for me, and my first language is English. Until I started filling in this erratum (and until I really looked at it closely), I really thought it was a technical error, and you'd just got it wrong.