[Gen-art] Genart last call review of draft-ietf-jmap-websocket-04

Linda Dunbar via Datatracker <noreply@ietf.org> Tue, 10 December 2019 22:30 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: gen-art@ietf.org
Delivered-To: gen-art@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 707B51201EF; Tue, 10 Dec 2019 14:30:58 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Linda Dunbar via Datatracker <noreply@ietf.org>
To: gen-art@ietf.org
Cc: last-call@ietf.org, draft-ietf-jmap-websocket.all@ietf.org, jmap@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.113.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Linda Dunbar <linda.dunbar@futurewei.com>
Message-ID: <157601705841.9885.14627802012368211966@ietfa.amsl.com>
Date: Tue, 10 Dec 2019 14:30:58 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/HzPLoBN5iOzMEv0USZg0LNLM3To>
Subject: [Gen-art] Genart last call review of draft-ietf-jmap-websocket-04
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Dec 2019 22:30:58 -0000

Reviewer: Linda Dunbar
Review result: Ready with Nits

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-jmap-websocket-04
Reviewer: Linda Dunbar
Review Date: 2019-12-10
IETF LC End Date: 2019-12-19
IESG Telechat date: Not scheduled for a telechat

Summary:  the document describes binding JSON Meta Application Protocol (JMAP)
over a WebSocket Transport Layer (instead the current HTTP layer)

The document is written very clear. I think it is ready with a few questions.

1. The current practice of binding JMAP over HTTP requires authentication for
every request, vs. over WebSocket Transport only requires authentication at the
initial OPEN step. What if there is Man in the Middle attack after the initial
OPEN?

2. In the Introduction you stated that compression for HTTP requests has very
low deployment. Is it because HTTP request only has very small packet size,
therefore with very little benefit of compression?

Major issues:

Minor issues:

Nits/editorial comments:

Best Regards,
Linda Dunbar