W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2021

Re: Éric Vyncke's No Objection on draft-ietf-httpbis-bcp56bis-14: (with COMMENT)

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 26 Aug 2021 11:04:31 +1000
Cc: The IESG <iesg@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly@apple.com>
Message-Id: <C3822F7C-2F6F-495D-9148-172FB0EDF4A4@mnot.net>
To: Éric Vyncke <evyncke@cisco.com>
Hi Éric,

Thanks for the feedback. Responses below.

> On 26 Aug 2021, at 12:53 am, Éric Vyncke via Datatracker <noreply@ietf.org> wrote:
> 
> -- Section 2 --
> I am puzzled by the wording " The requirements in this document" in this BCP...
> Should it rather be "The applicability of this document..." ?

That would result in a construction like 'the applicability of this document is scoped to applications' which is a bit odd.

> The following bullet list is unclear whether it is a "OR" or a "AND".

Each entry (excepting the last) explicitly contains the word 'or'.

> -- Section 3.2 --
> s/Another common practice/Another common mistake/ ?

No - that practice is legitimate for non-standard applications.

> Some examples would be welcome as well.

A full example would increase the size of this section considerably, and I don't think we're quite ready to recommend specific practices here, beyond what RFC8288 does -- HTTPAPI is working on some ideas.

> -- Section 4.4.2 --
> Isn't the reference to RFC 7258 redundant in ""https" is RECOMMENDED to provide
> authentication, integrity and confidentiality, as well as mitigate pervasive
> monitoring attacks [RFC7258]." ?

I don't think so.

> -- Section 4.5 --
> In "they are required to be registered" should normative "REQUIRED" be used ?

They aren't required by this document, they're required by HTTP.

> Also, possibly naively, surprised by the absence of the "POST" method in the
> list of detailed methods.

Yeah, I know. We didn't come up with any text that was especially illuminating about it, so we left it out. 

Cheers,

--
Mark Nottingham   https://www.mnot.net/
Received on Thursday, 26 August 2021 01:04:53 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 26 August 2021 01:04:54 UTC