
Last Call Review of draft-ietf-teep-otrp-over-http-14
review-ietf-teep-otrp-over-http-14-secdir-lc-santesson-2022-10-17-00

Request
  Review of: draft-ietf-teep-otrp-over-http
  Requested revision: No specific revision (document currently at 15)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2022-04-07
  Requested: 2022-03-17
  Authors: Dave Thaler
  I-D last updated: 2022-10-17
  Completed reviews:
    Secdir Last Call review of -14 by Stefan Santesson (diff)
    Artart Last Call review of -13 by Carsten Bormann (diff)
    Genart Last Call review of -13 by Russ Housley (diff)

Assignment
  Reviewer: Stefan Santesson
  State: Completed
  Request: Last Call review on draft-ietf-teep-otrp-over-http by Security Area Directorate Assigned
  Posted at: https://mailarchive.ietf.org/arch/msg/secdir/MzG3-vpyMzuyG0-fRAZf8ul6wGo
  Reviewed revision: 14 (document currently at 15)
  Result: Ready
  Completed: 2022-10-17

review-ietf-teep-otrp-over-http-14-secdir-lc-santesson-2022-10-17-00
I have dropped this review as it has been overdue for quite some time. But
since it still appears on my review-list, I took a look at it now in case this
is of any interest.

I have little knowledge about TEEP and the rationale behind its design
decisions. I trust that the author has that part figured out. My interest was
primarily in the requirements for HTTPS versus HTTP and how that was motivated.

A rather interesting observation in this regard was the attempt to "spice" the
requirement language of the specification. See section 4:

"It is strongly RECOMMENDED that implementations use HTTPS."

This brings my thoughts to other interesting alternatives to spice requirements
as defined in RFC 6919, like "OUGHT TO"? ;)

But jokes aside, I'm not sure "strongly" is appropriate next to "RECOMMENDED".

But other than that I find no issues with the document.