Hi Mike, Thank you for your reply!
Sincerely, Sarah Tarrant RFC Production Center > On Dec 9, 2025, at 2:47 AM, Mike West <[email protected]> wrote: > > Thanks for the ping, answers inline. :) > > -mike > > > On Tue, Dec 2, 2025 at 11:29 PM Sarah Tarrant <[email protected]> > wrote: > 1) As there may have been multiple updates made to the document during Last > Call, > please review the current version of the document: > > * Is the text in the Abstract still accurate? > > Yes, the Abstract is still accurate. > * Are the Authors' Addresses, Contributors, and Acknowledgments > sections current? > > I believe so, though I'd ask John and Steven to confirm themselves that > they're appropriately represented. > 2) Please share any style information that could help us with editing your > document. For example: > > * Is your document's format or its terminology based on another document? > If so, please provide a pointer to that document (e.g., this document's > terminology should match DNS terminology in RFC 9499). > > Yes. This document is rooted in https://www.rfc-editor.org/rfc/rfc6265.html, > and we tried to stick with that document's language unless there was good > reason to change it. > * Is there a pattern of capitalization or formatting of terms? (e.g., field > names > should have initial capitalization; parameter names should be in double > quotes; > <tt/> should be used for token names; etc.) > > Nothing abnormal. The important thing, I think, is that we're consistent with > other RFCs (and internally in the document!) about the way we're writing > cookie attribute names, header names, etc. We don't otherwise have specific > formatting requirements. > > 3) Please review the entries in the References section carefully with > the following in mind. Note that we will update as follows unless we > hear otherwise at this time: > > * References to obsoleted RFCs will be updated to point to the current > RFC on the topic in accordance with Section 4.8.6 of RFC 7322 > (RFC Style Guide). > > * References to I-Ds that have been replaced by another I-D will be > updated to point to the replacement I-D. > > * References to documents from other organizations that have been > superseded will be updated to their superseding version. > > Note: To check for outdated RFC and I-D references, you can use > idnits <https://author-tools.ietf.org/idnits>. You can also help the > IETF Tools Team by testing idnits3 <https://author-tools.ietf.org/idnits3/> > with your document and reporting any issues to them. > > I believe references are already up to date, but if we've missed some, > updating/replacing them is entirely appropriate. > > One exception is RFC 2109 which is obsoleted by RFC 2965: it seems reasonable > to keep that as an information reference given the way it's used in the > document. > > 4) Is there any text that should be handled extra cautiously? For example, > are > there any sections that were contentious when the document was drafted? > > Not that I recall. > > 5) Is there anything else that the RPC should be aware of while editing this > document? > > Cookies are compromises between something remotely resembling philosophical > purity and the behavior that web developers have come to rely upon over the > decades since their introduction. Not all of cookies' algorithms or behaviors > are what we'd have chosen today.. they're simply what vendors have agreed > upon over time. > 6) This document uses one or more of the following text styles. > Are these elements used consistently? > > * fixed width font (<tt/> or `) > * italics (<em/> or *) > * bold (<strong/> or **) > > Skimming through the HTML, I don't believe we use `<tt>`, `<em>`, or > `<strong>`. We do use `<code>` in various places to demarcate cookie > attribute names, meaningful prefixes, etc. I hope we're consistent about it. > :) > 7) This document contains sourcecode: > > * Does the sourcecode validate? > * Some sourcecode types (e.g., YANG) require certain references and/or text > in the Security Considerations section. Is this information correct? > * Is the sourcecode type indicated in the XML? (See information about > types: https://www.rfc-editor.org/rpc/wiki/doku.php?id=sourcecode-types.) > * Note that "example" is not currently a type we support. > > The examples in the document text are all HTTP fields and values. As none of > the "sourcecode" is executable, I don't believe there are any additional > security considerations to add. > > 8) This document is part of Cluster 548. > > * To help the reader understand the content of the cluster, is there a > document in the cluster that should be read first? Next? If so, please > provide > the order and we will provide RFC numbers for the documents accordingly. > If order is not important, please let us know. > * Is there any text that has been repeated within the cluster document that > should be edited in the same way (for instance, parallel introductory text or > Security Considerations)? > * For more information about clusters, see > https://www.rfc-editor.org/about/clusters/ > * For a list of all current clusters, see: > http://www.rfc-editor.org/all_clusters.php > > I think the clustering here is arbitrary. This document is ~entirely > unrelated to `draft-ietf-oauth-browser-based-apps`. > > 9) Because this document obsoletes RFC 6265, please review > the reported errata and confirm whether they have been addressed in this > document or are not relevant: > > * RFC 6265 (https://www.rfc-editor.org/errata/rfc6265) > > Yes, we have addressed the errata the WG decided to address. > 10) Would you like to participate in the RPC Pilot Test for editing in > kramdown-rfc? > If so, please let us know and provide a self-contained kramdown-rfc file. For > more > information about this experiment, see: > https://www.rfc-editor.org/rpc/wiki/doku.php?id=pilot_test_kramdown_rfc. > > Sure. The original kramdown-rfc file we've used for the document is at > https://github.com/httpwg/http-extensions/blob/main/draft-ietf-httpbis-rfc6265bis.md. > 11) Would you like to participate in the RPC Pilot Test for completing > AUTH48 in > GitHub? If so, please let us know. For more information about this > experiment, > see: > https://www.rfc-editor.org/rpc/wiki/doku.php?id=rpc-github-phase-0-pilot-test. > > That sounds fine to me. > > Thank you for your help getting this document into shape! > > -mike -- auth48archive mailing list -- [email protected] To unsubscribe send an email to [email protected]
