Last Call Review of draft-ietf-httpbis-binary-message-04
review-ietf-httpbis-binary-message-04-secdir-lc-migault-2022-06-01-00
Request | Review of | draft-ietf-httpbis-binary-message |
---|---|---|
Requested revision | No specific revision (document currently at 06) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2022-06-03 | |
Requested | 2022-05-20 | |
Authors | Martin Thomson , Christopher A. Wood | |
I-D last updated | 2022-06-01 | |
Completed reviews |
Genart Last Call review of -04
by David Schinazi
(diff)
Artart Last Call review of -04 by James Gruessing (diff) Secdir Last Call review of -04 by Daniel Migault (diff) |
|
Assignment | Reviewer | Daniel Migault |
State | Completed | |
Request | Last Call review on draft-ietf-httpbis-binary-message by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/SpjV2c1g99RbLNLcJP4VaXDvTT4 | |
Reviewed revision | 04 (document currently at 06) | |
Result | Ready | |
Completed | 2022-06-01 |
review-ietf-httpbis-binary-message-04-secdir-lc-migault-2022-06-01-00
Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last-call comments. abstract: """ As such, this format is unlikely to be suitable for applications that depend on an exact recording of the encoding of messages.""" I am wondering what it actually means. Typically, I do not see much differences between the content provided by bmessage and message. For my own information, in case a response is compressed I am wondering if the compression would occur "over" the bmessage or if the bmessage would include the compressed content. Section 3. I have the impression item 2 of the list could be more consistent with the other items that is starting with 2. interim response. By the way wouldn't informational response more appropriated ? Section 4 This document describes a number of ways that a message can be invalid. Invalid messages MUST NOT be processed except to log an error and produce an error response. The message seems to be at least processed to determined it is invalid. I believe what we are trying to say here is that the message must not be passed to the application or must be discarded as soon as it is detected to be invalid.