Looks good to me, thanks.

Regards
   Brian

On 27/02/2017 14:22, Mark Nottingham wrote:
> [ editor hat ]
>
> That all seems reasonable to me; see:
>
> https://github.com/httpwg/http-extensions/commit/ca56fd8365
> https://github.com/httpwg/http-extensions/commit/31c11b4683
>
> Will incorporate into the next draft when we issue.
>
> Thanks!
>
>
>> On 26 Feb 2017, at 12:20 pm, Brian Carpenter <[email protected]> wrote:
>>
>> Reviewer: Brian Carpenter
>> Review result: Ready with Issues
>>
>> Gen-ART Last Call review of draft-ietf-httpbis-http2-encryption-10
>>
>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed
>> by the IESG for the IETF Chair. Please treat these comments just
>> like any other last call comments.
>>
>> For more information, please see the FAQ at
>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>>
>> Document: draft-ietf-httpbis-http2-encryption-10.txt
>> Reviewer: Brian Carpenter
>> Review Date: 2017-02-26
>> IETF LC End Date: 2017-03-06
>> IESG Telechat date: 2017-03-16
>>
>> Summary: Ready with issues
>> --------
>>
>> Comments:
>> ---------
>>
>> Note: Category is Experimental.
>>
>> Quoting the writeup:
>>
>> 'The primary concern voiced by dissenters has been that widespread
>> deployment might provide a false sense of security, slowing the
>> adoption of "real" HTTPS or confusing users."'
>>
>> FWIW, I share that concern, even with the tag 'Experimental.'
>>
>> Major issue:
>> ------------
>>
>> The Abstract should definitely state the above concern. At the moment,
>> it could easily mislead the reader about the value of the solution.
>> I'd like to see the phrase "it is vulnerable to active attacks" in
>> the Abstract.
>>
>> Minor issue:
>> ------------
>>
>>> 4.4. Confusion Regarding Request Scheme
>> ...
>>> Therefore, servers need to carefully examine the use of such signals
>>> before deploying this specification.
>>
>> What does "servers" really mean here? I think it means "implementers
>> of server code", or maybe "operators of servers"?
>>
>> Nits:
>> -----
>>
>>> 4.1. Security Indicators
>>>
>>> User Agents MUST NOT provide any special security indicia when an
>>
>> 'Indicia' is a real word, but I think it's unknown to at least 99% of
>> English speakers. Why not 'indicators' again?
>>
>>
>>
>>
>
> --
> Mark Nottingham https://www.mnot.net/
>
>

_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
