Last Call Review of draft-ietf-jmap-websocket-04
review-ietf-jmap-websocket-04-genart-lc-dunbar-2019-12-10-00
Request | Review of | draft-ietf-jmap-websocket |
---|---|---|
Requested revision | No specific revision (document currently at 07) | |
Type | Last Call Review | |
Team | General Area Review Team (Gen-ART) (genart) | |
Deadline | 2019-12-19 | |
Requested | 2019-12-05 | |
Authors | Kenneth Murchison | |
I-D last updated | 2019-12-10 | |
Completed reviews | Secdir Last Call review of -04 by Leif Johansson, Genart Last Call review of -04 by Linda Dunbar, Tsvart Last Call review of -04 by Bob Briscoe | |
Assignment | Reviewer | Linda Dunbar |
State | Completed | |
Request | Last Call review on draft-ietf-jmap-websocket by General Area Review Team (Gen-ART) Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/gen-art/HzPLoBN5iOzMEv0USZg0LNLM3To | |
Reviewed revision | 04 (document currently at 07) | |
Result | Ready w/nits | |
Completed | 2019-12-10 |
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments.

For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-jmap-websocket-04
Reviewer: Linda Dunbar
Review Date: 2019-12-10
IETF LC End Date: 2019-12-19
IESG Telechat date: Not scheduled for a telechat

Summary: the document describes binding JSON Meta Application Protocol (JMAP) over a WebSocket Transport Layer (instead of the current HTTP layer).

The document is written very clearly. I think it is ready with a few questions.

1. The current practice of binding JMAP over HTTP requires authentication for every request, vs. over WebSocket Transport only requires authentication at the initial OPEN step. What if there is a Man in the Middle attack after the initial OPEN?

2. In the Introduction you stated that compression for HTTP requests has very low deployment. Is it because an HTTP request only has a very small packet size, and therefore very little benefit from compression?

Major issues:

Minor issues:

Nits/editorial comments:

Best Regards,
Linda Dunbar