- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 26 Aug 2021 11:04:31 +1000
- To: Éric Vyncke <evyncke@cisco.com>
- Cc: The IESG <iesg@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly@apple.com>
Hi Éric, Thanks for the feedback. Responses below. > On 26 Aug 2021, at 12:53 am, Éric Vyncke via Datatracker <noreply@ietf.org> wrote: > > -- Section 2 -- > I am puzzled by the wording " The requirements in this document" in this BCP... > Should it rather be "The applicability of this document..." ? That would result in a construction like 'the applicability of this document is scoped to applications' which is a bit odd. > The following bullet list is unclear whether it is a "OR" or a "AND". Each entry (excepting the last) explicitly contains the word 'or'. > -- Section 3.2 -- > s/Another common practice/Another common mistake/ ? No - that practice is legitimate for non-standard applications. > Some examples would be welcome as well. A full example would increase the size of this section considerably, and I don't think we're quite ready to recommend specific practices here, beyond what RFC8288 does -- HTTPAPI is working on some ideas. > -- Section 4.4.2 -- > Isn't the reference to RFC 7258 redundant in ""https" is RECOMMENDED to provide > authentication, integrity and confidentiality, as well as mitigate pervasive > monitoring attacks [RFC7258]." ? I don't think so. > -- Section 4.5 -- > In "they are required to be registered" should normative "REQUIRED" be used ? They aren't required by this document, they're required by HTTP. > Also, possibly naively, surprised by the absence of the "POST" method in the > list of detailed methods. Yeah, I know. We didn't come up with any text that was especially illuminating about it, so we left it out. Cheers, -- Mark Nottingham https://www.mnot.net/
Received on Thursday, 26 August 2021 01:04:53 UTC