Last Call Review of draft-nottingham-rfc7320bis-02
review-nottingham-rfc7320bis-02-secdir-lc-eastlake-2019-12-24-00

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. Document
editors and WG chairs should treat these comments just like any other last
call comments.

The summary of the review is Ready with Nits.

This draft looks fine from a security point of view. I agree with the
Security Considerations that the draft prohibits some URI specification
practices that could lead to security problems.

However, maybe I was being dense, but I found it pretty hard to grasp the
details of exactly what the draft was saying. No doubt someone who lives in
the world of URIs all the time would have had an easier time. Nevertheless,
I think the draft would be vastly improved by adding 10 to 20 examples
showing URIs that are both good and bad rather than having only descriptive
text of what were good and bad practices. At least I think that would make
it much easier for me to have understood and reduced, perhaps to one, the
number of times I needed to read the draft to feel that I really understood
it.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com