Last Call Review of draft-ietf-httpbis-replay-02
review-ietf-httpbis-replay-02-genart-lc-kline-2018-04-23-00

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-httpbis-replay-02
Reviewer: Erik Kline
Review Date: 2018-04-23
IETF LC End Date: 2018-04-23
IESG Telechat date: Not scheduled for a telechat

Summary:

This draft is basically ready for publication, but has nits that should be
fixed before publication.  These nits are mostly about satisfying my ignorance.

Major issues:  None

Minor issues:  None

Nits/editorial comments:

[1] Some bibliography are to old versions (TLS1.3 links to v21, current is
v28).  I assume that’ll just "fix itself" before publication.  =)

[2] Section 3, paragraph 1: not just session cookie, but non-zero
max_early_data_size option? I couldn’t find explicit mention of
max_early_data_size = 0 in TLS13v28, so perhaps it can’t be sent?

[3] Section 3, paragraph LAST-1: “even if the server rejects the request” scans
awkwardly to me in the context of "requests" in the first half of the sentence.
“Even if the server ultimately rejects *one or more* of the requests by sending
a 425...”?  Perhaps I'm completely misreading something.

[4] Section 4, paragraph 4: after “or if the same server accepts early data
multiple times“ is there an implied “for the same session ticket” in the mind
of the expected reader?  Not sure if adding that is clarifying or redundant.

[5] Section 6.1: “SHOULD disable early data” refers to connections toward
servers (or next hops) or toward clients (or previous hops) or both?  (I’m
assuming the first, since doing so on a per-origin-server basis for incoming
requests as they arrived would require examining SNI, but perhaps that's
theoretically doable?)