Thanks for the review, Robert. Barry On Thu, Apr 30, 2020 at 11:00 AM Robert Sparks via Datatracker <noreply@xxxxxxxx> wrote: > > Reviewer: Robert Sparks > Review result: Ready > > I have reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG. These comments > were written primarily for the benefit of the security area directors. Document > editors and WG chairs should treat these comments just like any other last call > comments. > > This document is ready for publication as Proposed Standard RFC. > > The document defines an HTTP json-based API for clients to use with a captive > portal API server. Discovery of the API server URL is defined in other capport > documents. Connection to the server uses TLS. Server authentication SHOULD use > OCSP stapling, and the network SHOULD provide permit connection to NTP servers > (or other time-sync mechanisms). The security considerations section calls out > the potential risk of look-alike characters being used in the server domain > name to mislead the user of the client of this API. > > > -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
