Locating Services for Calendaring Extensions to WebDAV (CalDAV) and vCard Extensions to WebDAV (CardDAV)
RFC 6764

Note: This ballot was opened for revision 10 and is now closed.

(Alexey Melnikov) Yes

(Peter Saint-Andre) Yes

Comment (2010-09-08 for -)
No email
send info
1. In Section 6, Step 2 says: "In this situation clients MUST first attempt an HTTP connection with transport layer security." However, the document does not specify what is meant by "transport layer security" (e.g., does this mean either SSL or TLS?). See also the first paragraph of Section 8.

2. There was some discussion on the apps-discuss@ietf.org list about the fact that this specification does not use a technology that enables discovery of URIs, such as U-NATPR or the (proposed) URI RR. It might be reasonable to discuss the design decisions that led to the current approach.

(Jari Arkko) No Objection

(Ron Bonica) No Objection

(Stewart Bryant) No Objection

(Ralph Droms) No Objection

(Lars Eggert) (was Discuss) No Objection

Comment (2010-09-08)
No email
send info
Section 1., paragraph 3:
>    (RRs).  This has been enhanced to provide addition al service meta-

  Nit: s/addition al/additional/

(Adrian Farrel) No Objection

Comment (2010-09-08 for -)
No email
send info
Section 1

   Another issue with CalDAV or CardDAV service discovery is that the
   service may not be located at the "root" URI of the HTTP server
   hosting it.

Is that "may not" or "might not"?

(Russ Housley) No Objection

(Tim Polk) No Objection

(Dan Romascanu) No Objection

(Robert Sparks) No Objection

Comment (2010-09-09 for -)
No email
send info
1) Using redirection to actual data (rather than metadata) for the well-known mechanism surprised me. I don't think that concept was captured at all in rfc5785 (draft-nottingham-site-meta). 

2) Mandating a 301 for redirection might have unintended consequences (with caching and with clients remembering the redirection forever). Consider adding advice on controlling caches. I understand that in normal expected behavior, this lookup will only be done once, but if an account is deleted/re-added and the lookup needs to be run again, do you want the earlier redirect (which might have occurred years earlier) to be honored?

(Sean Turner) No Objection