Thanks for the ping, answers inline. :) -mike
On Tue, Dec 2, 2025 at 11:29 PM Sarah Tarrant <[email protected]> wrote: > 1) As there may have been multiple updates made to the document during > Last Call, > please review the current version of the document: > > * Is the text in the Abstract still accurate? > Yes, the Abstract is still accurate. > * Are the Authors' Addresses, Contributors, and Acknowledgments > sections current? > I believe so, though I'd ask John and Steven to confirm themselves that they're appropriately represented. > 2) Please share any style information that could help us with editing your > document. For example: > > * Is your document's format or its terminology based on another document? > If so, please provide a pointer to that document (e.g., this document's > terminology should match DNS terminology in RFC 9499). > Yes. This document is rooted in https://www.rfc-editor.org/rfc/rfc6265.html, and we tried to stick with that document's language unless there was good reason to change it. > * Is there a pattern of capitalization or formatting of terms? (e.g., > field names > should have initial capitalization; parameter names should be in double > quotes; > <tt/> should be used for token names; etc.) > Nothing abnormal. The important thing, I think, is that we're consistent with other RFCs (and internally in the document!) about the way we're writing cookie attribute names, header names, etc. We don't otherwise have specific formatting requirements. 3) Please review the entries in the References section carefully with > the following in mind. Note that we will update as follows unless we > hear otherwise at this time: > > * References to obsoleted RFCs will be updated to point to the current > RFC on the topic in accordance with Section 4.8.6 of RFC 7322 > (RFC Style Guide). > > * References to I-Ds that have been replaced by another I-D will be > updated to point to the replacement I-D. > > * References to documents from other organizations that have been > superseded will be updated to their superseding version. > > Note: To check for outdated RFC and I-D references, you can use > idnits <https://author-tools.ietf.org/idnits>. You can also help the > IETF Tools Team by testing idnits3 <https://author-tools.ietf.org/idnits3/ > > > with your document and reporting any issues to them. > I believe references are already up to date, but if we've missed some, updating/replacing them is entirely appropriate. One exception is RFC 2109 which is obsoleted by RFC 2965: it seems reasonable to keep that as an information reference given the way it's used in the document. 4) Is there any text that should be handled extra cautiously? For example, > are > there any sections that were contentious when the document was drafted? Not that I recall. 5) Is there anything else that the RPC should be aware of while editing > this > document? Cookies are compromises between something remotely resembling philosophical purity and the behavior that web developers have come to rely upon over the decades since their introduction. Not all of cookies' algorithms or behaviors are what we'd have chosen today.. they're simply what vendors have agreed upon over time. > 6) This document uses one or more of the following text styles. > Are these elements used consistently? > > * fixed width font (<tt/> or `) > * italics (<em/> or *) > * bold (<strong/> or **) > Skimming through the HTML, I don't believe we use `<tt>`, `<em>`, or `<strong>`. We do use `<code>` in various places to demarcate cookie attribute names, meaningful prefixes, etc. I hope we're consistent about it. :) > 7) This document contains sourcecode: > > * Does the sourcecode validate? > * Some sourcecode types (e.g., YANG) require certain references and/or > text > in the Security Considerations section. Is this information correct? > * Is the sourcecode type indicated in the XML? (See information about > types: https://www.rfc-editor.org/rpc/wiki/doku.php?id=sourcecode-types.) > * Note that "example" is not currently a type we support. > The examples in the document text are all HTTP fields and values. As none of the "sourcecode" is executable, I don't believe there are any additional security considerations to add. 8) This document is part of Cluster 548. > > * To help the reader understand the content of the cluster, is there a > document in the cluster that should be read first? Next? If so, please > provide > the order and we will provide RFC numbers for the documents accordingly. > If order is not important, please let us know. > * Is there any text that has been repeated within the cluster document > that > should be edited in the same way (for instance, parallel introductory text > or > Security Considerations)? > * For more information about clusters, see > https://www.rfc-editor.org/about/clusters/ > * For a list of all current clusters, see: > http://www.rfc-editor.org/all_clusters.php I think the clustering here is arbitrary. This document is ~entirely unrelated to `draft-ietf-oauth-browser-based-apps`. 9) Because this document obsoletes RFC 6265, please review > the reported errata and confirm whether they have been addressed in this > document or are not relevant: > > * RFC 6265 (https://www.rfc-editor.org/errata/rfc6265) > Yes, we have addressed the errata the WG decided to address. > 10) Would you like to participate in the RPC Pilot Test for editing in > kramdown-rfc? > If so, please let us know and provide a self-contained kramdown-rfc file. > For more > information about this experiment, see: > https://www.rfc-editor.org/rpc/wiki/doku.php?id=pilot_test_kramdown_rfc. > Sure. The original kramdown-rfc file we've used for the document is at https://github.com/httpwg/http-extensions/blob/main/draft-ietf-httpbis-rfc6265bis.md . > 11) Would you like to participate in the RPC Pilot Test for completing > AUTH48 in > GitHub? If so, please let us know. For more information about this > experiment, > see: > > https://www.rfc-editor.org/rpc/wiki/doku.php?id=rpc-github-phase-0-pilot-test > . > That sounds fine to me. Thank you for your help getting this document into shape! -mike
-- auth48archive mailing list -- [email protected] To unsubscribe send an email to [email protected]
