Skip to main content

Last Call Review of draft-ietf-httpbis-unprompted-auth-10
review-ietf-httpbis-unprompted-auth-10-opsdir-lc-chen-2024-09-10-00

Request Review of draft-ietf-httpbis-unprompted-auth
Requested revision No specific revision (document currently at 12)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2024-09-11
Requested 2024-08-28
Authors David Schinazi , David Oliver , Jonathan Hoyland
I-D last updated 2024-09-10
Completed reviews Secdir Last Call review of -10 by Rich Salz (diff)
Genart Last Call review of -10 by Reese Enghardt (diff)
Opsdir Last Call review of -10 by Ran Chen (diff)
Artart Last Call review of -10 by Robert Sparks (diff)
Assignment Reviewer Ran Chen
State Completed
Request Last Call review on draft-ietf-httpbis-unprompted-auth by Ops Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/ops-dir/ZlLV1140bxRL8tkRQd9wH_KuG0o
Reviewed revision 10 (document currently at 12)
Result Has nits
Completed 2024-09-10
review-ietf-httpbis-unprompted-auth-10-opsdir-lc-chen-2024-09-10-00
I have reviewed this document as part of the Ops area directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Ops area directors.
Document editors and WG chairs should treat these comments just like any other
last-call comments.

This document defines a new signature-based authentication scheme that is not
probeable. Here are some comments and nits.

## Comments
1. Abstract
I'm wondering if it's necessary to retain the phrase "at the time of writing
this document" that appears in the Abstract of this document. I noticed that
this sentence was originally added in version 07.

2. Section 2
Please indicate the source of “the Authorization or Proxy-Authorization header
field” mentioned in this section.

3.Section 5 & 6
There are references to "RFC8792" in Chapters 5 and 6. But it is not displayed
correctly: [RFC8792].

## NITS:

1.Abstract
s/HTTP/ Hypertext Transfer Protocol (HTTP)

2.Section 2
s/the Authorization or Proxy-Authorization header field/ the Authorization (or
Proxy-Authorization) header field   Note: The whole text remains consistent

3. Section 3
OLD --> When a client wishes to uses the Concealed HTTP authentication scheme
with a request. NEW --> When a client wishes to use the Concealed HTTP
authentication scheme with a request.

Best Regards,
Ran Chen