I have been selected as the Applications Area Directorate reviewer
for this draft (for background on APPSDIR, please see
http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate ).
Please resolve these comments along with any other Last Call comments
you may receive. Please wait for direction from your document
shepherd or AD before posting a new version of the draft.

Document: draft-ietf-httpbis-p7-auth-24
Title: Hypertext Transfer Protocol (HTTP/1.1): Authentication
Reviewer: S. Moonesamy
Review Date: October 29, 2013
IETF Last Call Date: October 21, 2013

Summary: This draft is almost ready for publication as a Proposed Standard.
This document defines the HTTP Authentication framework.
The document is well-written and clear.

Major Issues: None

Minor Issues:

In Section 1:
"HTTP provides several OPTIONAL challenge-response authentication
schemes that can be used by a server to challenge a client request
and by a client to provide authentication information."

I suggest using RFC 2119 after Section 1.2.

Nits:

In Section 2.1:
"Additional mechanisms MAY be used, such as encryption at the transport
level or via message encapsulation, and with additional header fields
specifying authentication information."

The RFC 2119 "may" is unnecessary.

Regards,
S. Moonesamy