AD Review of draft-ietf-httpbis-client-cert-field-04

# AD Review of draft-ietf-httpbis-client-cert-field-04
cc @fpalombini

Thank you for this document.

No major comments from me, only one comment around a normative MUST and some nits, which you can address together with any other last call comments.

I also note that the consensus of the wg is for it to be informational, which is fine since I understand this document is meant to be the reference specification for two IANA registrations that are "specification required", but it read to me as a standard track doc. As the wg has discussed and gotten consensus around informational, I don't expect any change, just bringing it up one last time before LC since I expect there might be more comments in LC and IESG eval.

## Comments

### MUST prevent unintended use

Section 4:
> Therefore, steps MUST be taken to prevent unintended use, both in sending the header field and in relying on its value.

This might simply be a formulation problem, but when I read it I am not sure this is a MUST the reader will know how to implement.

## Nits

### Editorial nits

Section 4:
> The configuration options and request sanitization are necessarily functionally of the respective servers.

s/necessarily functionally/necessary functions ?

### Considerations considered

Funny title for Appendix B :) Where are the considerations not considered?

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF], You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues.


Received on Monday, 6 February 2023 16:42:29 UTC