Thanks for your review, Mark. I corrected (1) as you suggested in https://tools.ietf.org/html/draft-ietf-secevent-http-push-11. -- Mike -----Original Message----- From: Benjamin Kaduk <kaduk@xxxxxxx> Sent: Friday, May 8, 2020 5:04 PM To: Mark Nottingham <mnot@xxxxxxxx> Cc: last-call@xxxxxxxx; secevent-chairs@xxxxxxxx; id-event@xxxxxxxx; draft-ietf-secevent-http-poll@xxxxxxxx Subject: Re: [Last-Call] Last Call: <draft-ietf-secevent-http-poll-09.txt> (Poll-Based Security Event Token (SET) Delivery Using HTTP) to Proposed Standard Hi Mark, On Mon, May 04, 2020 at 04:52:10PM +1000, Mark Nottingham wrote: > Just two comments, based upon a quick read: > > 1. In section 2: POST is not specific to HTTP/1.1, and it's not good practice to specify a HTTP version. Just say "HTTP POST". Thanks for noting that, it's a good point (and probably just an oversight, as "HTTP POST" is used sevarl times but "HTTP/1.1 POST" just the once). > 2. I'm not intimately familiar with the use case, but using POST in this manner precludes caching as well as fan-out (i.e., "collapsed forwarding"). Have you considered just using Atom or a similar event feed structure? There's a bit of discussion on this point at https://tools.ietf.org/html/draft-ietf-secevent-http-push-08#appendix-A, though Atom itself is not listed there. -Ben -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
