TCSE - 3.3 - code_verifier length

Issue #2 (status: new)
Created by Nat Sakimura (repo owner)

Reported by Brian Campbell in OAuth WG:

I notice that code_verifier is defined as "high entropy cryptographic random string of length less than 128 bytes" [1], which brought a few questions and comments to mind. So here goes:

Talking about the length of a string in terms of bytes is always potentially confusing. Maybe characters would be an easier unit for people like me to wrap their little brains around?

Why are we putting a length restriction on the code_verifier anyway? It seems like it'd be more appropriate to restrict the length of the code_challenge because that's the thing the AS will have to maintain somehow (store in a DB or memory or encrypt into the code). Am I missing something here?

Let me also say that I hadn't looked at this document since its early days in draft -00 or -01 last summer but I like the changes and how it's been kept pretty simple for the common use-case while still allowing for crypto agility/extension. Nice work!

[1] http://tools.ietf.org/html/draft-sakimura-oauth-tcse-03#section-3.3
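To make the two points in the report concrete, here is an added illustration (not code from the draft or from the WG thread): a verifier generated the common way, the challenge the AS would have to hold, assumed here to be the S256 transform base64url(SHA-256(verifier)) as in the later PKCE RFC, and a character-versus-byte count on a constructed non-ASCII string. The 128-byte limit and the S256 transform are assumptions about the draft under discussion, not quotations from it.

```python
import base64
import hashlib
import secrets

# The draft's rule quoted in the report: verifier "of length less than 128 bytes" (assumed).
MAX_VERIFIER_BYTES = 128


def b64url_nopad(raw: bytes) -> str:
    """base64url without '=' padding (the encoding assumed for both values)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(entropy_bytes: int = 32) -> str:
    """Client side: a high-entropy random string. 32 random bytes encode to
    43 ASCII characters, so here characters and bytes coincide."""
    return b64url_nopad(secrets.token_bytes(entropy_bytes))


def s256_code_challenge(code_verifier: str) -> str:
    """Assumed S256 transform: base64url(SHA-256(ASCII(code_verifier))).
    This is the value the AS must keep until the token request arrives,
    and its length is fixed (43 chars) whatever the verifier's length."""
    return b64url_nopad(hashlib.sha256(code_verifier.encode("ascii")).digest())


def lengths(s: str) -> tuple[int, int]:
    """The two units the report says are easy to confuse: (characters, UTF-8 bytes)."""
    return len(s), len(s.encode("utf-8"))


def verifier_within_byte_limit(code_verifier: str) -> bool:
    """The draft's check, applied to bytes rather than characters."""
    return len(code_verifier.encode("utf-8")) < MAX_VERIFIER_BYTES


def verify_at_as(stored_challenge: str, presented_verifier: str) -> bool:
    """AS side at the token endpoint: recompute the challenge and compare in constant time."""
    return secrets.compare_digest(stored_challenge, s256_code_challenge(presented_verifier))


if __name__ == "__main__":
    for verifier in (make_code_verifier(32), make_code_verifier(96)):
        chars, nbytes = lengths(verifier)
        print(f"verifier: {chars} chars / {nbytes} bytes, within limit: "
              f"{verifier_within_byte_limit(verifier)}, challenge length: "
              f"{len(s256_code_challenge(verifier))}")
    # Constructed non-ASCII string: 100 characters but 200 bytes, so a character
    # count and a byte count disagree on whether it is "less than 128 bytes".
    print("lengths of 'ü'*100:", lengths("ü" * 100))
```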
