[Unbearable] Genart last call review of draft-ietf-tokbind-https-14

Linda Dunbar <Linda.dunbar@huawei.com> Thu, 03 May 2018 20:35 UTC

From: Linda Dunbar <Linda.dunbar@huawei.com>
To: gen-art@ietf.org
Cc: unbearable@ietf.org, draft-ietf-tokbind-https.all@ietf.org, ietf@ietf.org
Message-ID: <152537970365.4463.14132908604998547675@ietfa.amsl.com>
Date: Thu, 03 May 2018 13:35:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/xv7r-pozweplhg8Kbs9aBxZdP_I>
Subject: [Unbearable] Genart last call review of draft-ietf-tokbind-https-14

Reviewer: Linda Dunbar
Review result: Ready with Nits

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-tokbind-https-14
Reviewer: Linda Dunbar
Review Date: 2018-05-03
IETF LC End Date: 2018-03-12
IESG Telechat date: 2018-05-10

The document is written very clearly, easy to understand, and content is

Major issues: None

Minor issues: None

Nits/editorial comments:

Section 2 Page 4:
Question: is "Very response" a specific response in the following sentence?  If
yes, need to provide the definition as I don't see it being defined anywhere
  "MAY be listed by a server in a Vary response header field,.."

Thank you.

Linda Dunbar