Last Call Review of draft-bryan-metalinkhttp-

Request Review of draft-bryan-metalinkhttp
Requested rev. no specific revision (document currently at 22)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-02-15
Requested 2011-01-25
Authors Peter Poeml, Tatsuhiro Tsujikawa, Henrik Nordstrom, Anthony Bryan, Neil McNab
Draft last updated 2011-02-01
Completed reviews Secdir Last Call review of -?? by Jürgen Schönwälder
Assignment Reviewer Jürgen Schönwälder 
State Completed
Review review-bryan-metalinkhttp-secdir-lc-schoenwaelder-2011-02-01
Review completed: 2011-02-01


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Metalink provides meta information about resources such as locations
where copies can be found or checksums. This specification defines how
Metalink data can be transported as HTTP header lines. The document is
generally easy to follow. The security considerations seem to be short
but appropriate.

That said, it seems the text in section 3 is not final in the sense
that there might still be an open issue, although there is also text
that says that it is up to the server to decide how many Link headers
to send. The fix might be as simple as removing the following text:

   [[Some organizations have many mirrors.  Only send a few mirrors, or
   only use the Link header fields if Want-Digest is used?]]

But then Appendix C lists this again as an open issue, together with a
question whether partial hashes should be carried in HTTP as
well. Perhaps the answer is "no" and this is just an old open issue
item - I can't judge.

Editorial nits:

- p1: s/althought/although/

- p7: s/fieldss/fields/

- p10: s/fieldss/fields/

- p11: s/fieldss/fields/

- p11: s/fieldss/fields/

- p11: s/syncronisation/synchronisation/

- p12: s/cyptographic/cryptographic/

- p13: s/fieldss/fields/

- p15: s/reponse/response/


Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103