Just two comments, based upon a quick read: 1. In section 2: POST is not specific to HTTP/1.1, and it's not good practice to specify a HTTP version. Just say "HTTP POST". 2. I'm not intimately familiar with the use case, but using POST in this manner precludes caching as well as fan-out (i.e., "collapsed forwarding"). Have you considered just using Atom or a similar event feed structure? Cheers, > On 30 Apr 2020, at 9:32 am, The IESG <iesg-secretary@xxxxxxxx> wrote: > > > The IESG has received a request from the Security Events WG (secevent) to > consider the following document: - 'Poll-Based Security Event Token (SET) > Delivery Using HTTP' > <draft-ietf-secevent-http-poll-09.txt> as Proposed Standard > -- Mark Nottingham https://www.mnot.net/ -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
