Reviewer: Russ Housley
Review result: Almost Ready
I am the assigned ART-ART reviewer for this draft. I also did a Gen-ART
review of the previous version of this document. Please treat these
comments just like any other last call comments.
Document: draft-ietf-privacypass-architecture-13
Reviewer: Russ Housley
Review Date: 2023-06-22
IETF LC End Date: 2023-07-03
IESG Telechat date: Unknown
Summary: Almost Ready
Major Concerns:
In Section 1, I think that a bit more context is necessary. At a very high
level, this is an architecture for authorization based on privacy-preserving
authentication mechanisms. So, this section needs to say more about
authentication, authorization, and how the two work together. See the
discussion of these two concepts in RFC 4949.
In Section 2, I think that the definition of Attestation procedure should be
reworded to avoid using "trusted" in this manner. The use of "trust" In
Section 3.2 is more in line with the usual use of this term. Suggestion:
Attestation procedure: The procedure by which an Attester determines
whether or not a Client has the specific set of properties
that are necessary for token issuance.
Minor Concerns:
Section 5: Please explain "viability of an open Web".
Nits:
Section 3.4.2: A reference for Tor would be useful.
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
