Early Review of draft-ietf-alto-new-transport-07
review-ietf-alto-new-transport-07-secdir-early-eastlake-2023-03-28-00
review-ietf-alto-new-transport-07-secdir-early-eastlake-2023-03-28-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other comments. The summary of the review is Ready with Nits. *Security:* While I'm not all that into ALTO, it seems to me that this draft is all about messages and message exchanges between ALTO entities where the security (authentication, encryption, ...) has been specified in previous standards track documents such as RFC 7285. There are a few additional security considerations which seem to be well covered by the Security Considerations section of this draft. *Nits:* Section 1.0, Page 4: OLD functioning for HTTP/1.x. TIPS also provides an ALTO server to NEW functioning for HTTP/1.x. TIPS also provides for an ALTO server to Section 2.1.1, Page 8: Seems too vague. A sentence about tips-view-uri wouldn't hurt. At the bottom it says "Use the URI as above". Which URI above? What exactly does "use" mean? Section 2.2, Page 9, Figure 3: Figure looks kind of incomplete. Shouldn't there be arrows from R1 to R2/R3? Section 2.3, Page 10: In the text on "Information Resource Directory" the first sentence is confusing. What is the thing that is requested to discover? Maybe you should replace "Requested" at the start of the sentence with "Produced when a server is requested"... Section 2.3, Page 11 at top: That's Figure 4, not 1. Section 2.4, Page 12, 1st paragraph: I think a service runs "over" a connection, not "inside" a connection. Section 4.4, Page 23: Seems kind of feeble. How about, given that a disconnect is treated as a DELETE, something like the following, which probably implies that the server maintains a use count. (This document need not mention such a count.) OLD set associated with the TIPS view. A server will not want to delete NEW set associated with the TIPS view. A server MUST NOT delete Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com