On Thu, Aug 29, 2013 at 11:21 PM, Peter Yee <peter@xxxxxxxxxx> wrote:
I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>
Please resolve these comments along with any other Last Call comments you
may receive.
Document: draft-ietf-repute-media-type-10
Reviewer: Peter Yee
Review Date: August-27-2013
IETF LC End Date: August-29-2013
IESG Telechat date: September-12-2013
Summary: This draft is on the right track but has open issues, described in
the review. [Ready with minor issues.]
This draft directs IANA to register an application/reputon+json media type.
It also defines a new IANA registry for reputation application-specific uses
of that media type.
Major issues:
Minor issues:
Authenticity and confidence ratings seem to be used interchangeably in the
document. Authenticity is never defined, but it appears that it may
previously have been used in place of confidence. The example spanning
pages 9 and 10 notes a confidence of 95% but uses that for the (undefined in
the document) authenticity value instead of the confidence value. Either
define authenticity (which is absent in Section 3.1) or switch to
confidence.
This is actually a mistake. Earlier versions had something called rater-authenticity and did define it, but that component of a reputon has since been removed in favour of "normal-rating". There are still some vestiges of the old text in there, which is causing this confusion. I'll clean it up.
Section 3.1, definition of rater: the wording of this definition could be
interpreted to mean either the party that is returning the rating
information in response to the query but which is not necessarily the party
creating the rating, or it could mean the party that created the rating.
This may go back to the muddled concept of authenticity (which seems to be
used to mean how much an unspecified "someone" believes that the rating
originated with the named rater) vs. confidence (how confident the rater is
in the rating). This definition should be cleared up to remove the
ambiguity that floats throughout the document.
Changing it to "The identity of the entity aggregating, computing, and providing the reputation information, typically expressed as a DNS domain name." I can't think of a case where the party receiving the query is not also at least within the same ADMD as the party doing the computation, so this seems like the right definition to me.
Nits:
[...]
All fixed. The "auth-value" one was old, as described above.
Thanks!