Re: Opsdir last call review of draft-ietf-httpbis-unprompted-auth-10 from David Schinazi on 2024-09-10 (ietf-http-wg@w3.org from July to September 2024)

From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Tue, 10 Sep 2024 08:59:25 -0700
To: Ran Chen <chen.ran@zte.com.cn>
Cc: ops-dir@ietf.org, draft-ietf-httpbis-unprompted-auth.all@ietf.org, ietf-http-wg@w3.org, last-call@ietf.org
Message-ID: <CAPDSy+6FYpHVEuLib1N4DRV4pp9hjESZZ7+ftPsaAahYkeJZNw@mail.gmail.com>

Hi Ran, and thanks for your review!
I've landed this commit in response to your comments:
https://github.com/httpwg/http-extensions/commit/2e9c339ff9229202d46e8fefe28392b2591b9f46
It will be included in the next draft revision, which I'll submit once IETF
LC is over.
More detailed responses inline below.

David

On Tue, Sep 10, 2024 at 2:09 AM Ran Chen via Datatracker <noreply@ietf.org>
wrote:

> Reviewer: Ran Chen
> Review result: Has Nits
>
> I have reviewed this document as part of the Ops area directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the Ops area directors.
> Document editors and WG chairs should treat these comments just like any
> other
> last-call comments.
>
> This document defines a new signature-based authentication scheme that is
> not
> probeable. Here are some comments and nits.
>
> ## Comments
> 1. Abstract
> I'm wondering if it's necessary to retain the phrase "at the time of
> writing
> this document" that appears in the Abstract of this document. I noticed
> that
> this sentence was originally added in version 07.
>

Good point, I've replaced it with "Prior to this document".

2. Section 2
> Please indicate the source of “the Authorization or Proxy-Authorization
> header
> field” mentioned in this section.
>

Added a reference.

3.Section 5 & 6
> There are references to "RFC8792" in Chapters 5 and 6. But it is not
> displayed
> correctly: [RFC8792].
>

Which format has display issues? TXT or HTML?
This style matches the guidance from RFC 8792 itself.

## NITS:
>
> 1.Abstract
> s/HTTP/ Hypertext Transfer Protocol (HTTP)
>

HTTP is considered a known abbreviation, per
https://www.rfc-editor.org/rpc/wiki/doku.php?id=abbrev_list
See for example the abstract of RFC 9297.

2.Section 2
> s/the Authorization or Proxy-Authorization header field/ the Authorization
> (or
> Proxy-Authorization) header field   Note: The whole text remains consistent
>

Done.

3. Section 3
> OLD --> When a client wishes to uses the Concealed HTTP authentication
> scheme
> with a request. NEW --> When a client wishes to use the Concealed HTTP
> authentication scheme with a request.
>

Done.

Received on Tuesday, 10 September 2024 15:59:42 UTC