Reviewer: Dan Romascanu
Review result: Ready with Nits

I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments.

For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-httpbis-message-signatures-16
Reviewer: Dan Romascanu
Review Date: 2023-02-14
IETF LC End Date: 2023-02-20
IESG Telechat date: Not scheduled for a telechat

Summary:

This document defines a mechanism for providing end-to-end integrity and authenticity for components of an HTTP message. The mechanism allows applications to create digital signatures or message authentication codes. This mechanism supports use cases where the full HTTP message may not be known to the signer, and where the message may be transformed before reaching the verifier. This document also describes a means for requesting that a signature be applied to a subsequent HTTP message in an ongoing HTTP exchange.

It's a detailed and well-structured document. I appreciated the terminology section that helped me understand many of the details in the following sections without much need to go and search in other documents.

Major issues:

Minor issues:

Nits/editorial comments:

1. In Section 1:

> The term "Unix time" is defined by [POSIX.1], Section 4.16 (http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_16).

I am not sure that the URL is necessary; the reference may be sufficient.

2. I am wondering why the issues raised in 'Detecting HTTP Message Signatures' are pushed into an Appendix. They seem quite important for implementers to be mentioned in the body of the memo, maybe as a sub-section of the Introduction.