- From: Ben Campbell <ben@nostrum.com>
- Date: Tue, 11 Sep 2018 19:13:18 -0700
- To: "The IESG" <iesg@ietf.org>
- Cc: draft-ietf-httpbis-expect-ct@ietf.org, Mark Nottingham <mnot@mnot.net>, httpbis-chairs@ietf.org, mnot@mnot.net, ietf-http-wg@w3.org

Ben Campbell has entered the following ballot position for
draft-ietf-httpbis-expect-ct-07: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct/

----------------------------------------------------------------------

COMMENT:

----------------------------------------------------------------------

Thanks for this work. I'm balloting "Yes", but I have a few minor comments.

Substantive:

§2.1, step 6: Is there no room for local policy here?

§2.1.3: The guidance for max-age in the security considerations section suggests 30 days is a good value. But the directive is specified in seconds. Does that make sense? Would a 1 second max-age ever be reasonable? Or even 30 days + 1 second?

Editorial:

- General: This uses a non-standard section order towards the end. Conventionally the last 2 sections should be security considerations and IANA considerations (although the order between those two varies.)

§2.2.2: The second sentence is about UA behavior. It seems like that belongs somewhere under §2.3.

§2.3: "SHALL be canonicalized" By the UA? (The use of passive voice here obscures the actor.)

Received on Wednesday, 12 September 2018 03:55:47 UTC