I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-moriarty-post-inch-rid-soap-05 Reviewer: Ben Campbell Review Date: 2008-03-03 IESG Telechat date: 06 March 2008 Summary: This document is almost ready for publication as a standards RFC, but there are some nits that should be considered first. Comments: Disclaimers: I am not an expert in SOAP wrapper specifications, and cannot offer an informed opinion about whether this document is sufficiently specified for that purpose. (I also note that there is controversy about whether SOAP is appropriate for this sort of thing at all, but again, hold no informed opinion.) Additionally, the security considerations in this draft refer heavily to the other RID documents. I am making the assumption that the referenced documents sufficiently describe the security requirements and potential attacks for RID in general. If that turns out not to be the case, then the security consideration section of this document might need some more meat. Details: I performed a Gen-ART review of version 3 of this draft. Most of my specific comments have been resolved, but a few remain: 1) Since this document specifies SOAP over HTTP, I would like to see at least one of the examples show the SOAP exchange in the context of actual HTTP messages. 2) I am still not sure the reference for HTTP/TLS in section 1 is correct. The original draft referenced RFC 4346 for HTTP/TLS, and I commented that 4346 defines TLS, but not HTTP/TLS. The author changed the wording to "HTTP over TLS V1.1 [RFC4346]", which technically solves the problem, but we are then left with no normative reference for HTTP/TLS at all. It may be that this is the best we can do, as the only reference I could dig up for this is 2818, which is informational--but it seems unsatisfying to not be able to come up with _some_ normative reference for HTTP/TLS. 3) There are still IDNIT warnings, quoted below. There is something in the reference formating that seems to confuse IDNits. I removed warnings that were clearly [to me] false. > Miscellaneous warnings: > > ---------------------------------------------------------------------------- > > == The copyright year in the IETF Trust Copyright Line does not > match the > current year > > > == Outdated reference: A later version (-05) exists of > draft-moriarty-post-inch-rid-02 > > -- Possible downref: Non-RFC (?) normative reference: ref. '2' > > -- Possible downref: Non-RFC (?) normative reference: ref. '3' > > -- Possible downref: Non-RFC (?) normative reference: ref. '4' > > -- Possible downref: Non-RFC (?) normative reference: ref. '5' > _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
