APPSDIR review of draft-ietf-httpbis-p7-auth-24

I have been selected as the Applications Area Directorate reviewer 
for this draft (for background on APPSDIR, please see ).

Please resolve these comments along with any other Last Call comments 
you may receive. Please wait for direction from your document 
shepherd or AD before posting a new version of the draft.

Document: draft-ietf-httpbis-p7-auth-24
Title: Hypertext Transfer Protocol (HTTP/1.1): Authentication
Reviewer: S. Moonesamy
Review Date: October 29, 2013
IETF Last Call Date: October 21, 2013

Summary: This draft is almost ready for publication as a Proposed Standard.

This document defines the HTTP Authentication framework.

The document is well-written and clear.

Major Issues: None

Minor Issues:

In Section 1:

   "HTTP provides several OPTIONAL challenge-response authentication
    schemes that can be used by a server to challenge a client request
    and by a client to provide authentication information."

I suggest using RFC 2119 after Section 1.2.


In Section 2.1:

   "Additional mechanisms MAY be used, such as encryption at the transport
   level or via message encapsulation, and with additional header fields
   specifying authentication information."

The RFC 2119 "may" is unnecessary.

S. Moonesamy

Received on Wednesday, 30 October 2013 04:48:30 UTC