Document: draft-deshpande-secevent-http-multi-set-push Title: Push-Based Delivery For Multiple Security Event Token (SET) Using HTTP Reviewer: Russ Housley Review result: Not Ready
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://wiki.ietf.org/en/group/gen/GenArtFAQ>. Document: draft-deshpande-secevent-http-multi-set-push-00 Reviewer: Russ Housley Review Date: 2025-11-04 IETF LC End Date: unknown IESG Telechat date: unknown Summary: Not Ready Thanks for addressing my earlier comments on -08 of this document. Major Concerns: Section 4: Is TLS mutual authentication needed? What harm takes place if mutual authentication is not employed? Section 7: Some of the topics in the Security Considerations of RFC 8935 are not covered here. Is the intent to use TLS in lieu of the approach in RFC 8935? If so, please state that clearly. In Section 7.3, please say more. a) Are there any requirements for particular cipher suites? b) For implementations that support TLS 1.3, point to the Security Considerations of TLS 1.3; see [I-D.ietf-tls-rfc8446bis]. Minor Concerns: Section 6 should be toward the front of the document. Nits: Please do not underline figure captions. Example: _Figure 1: Example of SET Transmission_ Section 3.3: s/previously transmitted SETs/previously transmitted SETs./ _______________________________________________ Gen-art mailing list -- [email protected] To unsubscribe send an email to [email protected]
