Skip to main content

Last Call Review of draft-ietf-teep-otrp-over-http-14
review-ietf-teep-otrp-over-http-14-secdir-lc-santesson-2022-10-17-00

Request Review of draft-ietf-teep-otrp-over-http
Requested revision No specific revision (document currently at 14)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2022-04-07
Requested 2022-03-17
Authors Dave Thaler
Draft last updated 2022-10-17
Completed reviews Secdir Last Call review of -14 by Stefan Santesson
Artart Last Call review of -13 by Carsten Bormann (diff)
Genart Last Call review of -13 by Russ Housley (diff)
Assignment Reviewer Stefan Santesson
State Completed
Review review-ietf-teep-otrp-over-http-14-secdir-lc-santesson-2022-10-17
Posted at https://mailarchive.ietf.org/arch/msg/secdir/MzG3-vpyMzuyG0-fRAZf8ul6wGo
Reviewed revision 14
Result Ready
Completed 2022-10-17
review-ietf-teep-otrp-over-http-14-secdir-lc-santesson-2022-10-17-00
I have dropped this review as it has been overdue for quite some time. But
since it still appears on my review-list, I took a look at it now in case this
is of any interest.

I have little knowledge about TEEP and the rationale behind its design
decisions. I trust that the author has that part figured out. My interest was
primarily in the requirements for HTTPS versus HTTP and how that was motivated.

A rather interesting observation in this regard was the attempt to "spice" the
requirement language of the specification. See section 4:

"It is strongly RECOMMENDED that implementations use HTTPS."

This brings my thought to other interesting alternatives to spice requirements
as defined in RFC 6919 like "OUGHT TO" ? ;)

But jokes aside, I'm not sure "strongly" is appropriate next to "RECOMMENDED".

But other than that I find no issues with the document.