Skip to main content

Last Call Review of draft-ietf-teep-otrp-over-http-14

Request Review of draft-ietf-teep-otrp-over-http
Requested revision No specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2022-04-07
Requested 2022-03-17
Authors Dave Thaler
I-D last updated 2022-10-17
Completed reviews Secdir Last Call review of -14 by Stefan Santesson (diff)
Artart Last Call review of -13 by Carsten Bormann (diff)
Genart Last Call review of -13 by Russ Housley (diff)
Assignment Reviewer Stefan Santesson
State Completed
Request Last Call review on draft-ietf-teep-otrp-over-http by Security Area Directorate Assigned
Posted at
Reviewed revision 14 (document currently at 15)
Result Ready
Completed 2022-10-17
I have dropped this review as it has been overdue for quite some time. But
since it still appears on my review-list, I took a look at it now in case this
is of any interest.

I have little knowledge about TEEP and the rationale behind its design
decisions. I trust that the author has that part figured out. My interest was
primarily in the requirements for HTTPS versus HTTP and how that was motivated.

A rather interesting observation in this regard was the attempt to "spice" the
requirement language of the specification. See section 4:

"It is strongly RECOMMENDED that implementations use HTTPS."

This brings my thought to other interesting alternatives to spice requirements
as defined in RFC 6919 like "OUGHT TO" ? ;)

But jokes aside, I'm not sure "strongly" is appropriate next to "RECOMMENDED".

But other than that I find no issues with the document.