Linda, thanks for your review. I asked a question in my DISCUSS ballot related to your question about MITM (regarding transport confidentiality, not uses of JMAP beyond those specified for the WebSocket binding, which I think is clear). Alissa > On Dec 10, 2019, at 5:30 PM, Linda Dunbar via Datatracker <noreply@xxxxxxxx> wrote: > > Reviewer: Linda Dunbar > Review result: Ready with Nits > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-ietf-jmap-websocket-04 > Reviewer: Linda Dunbar > Review Date: 2019-12-10 > IETF LC End Date: 2019-12-19 > IESG Telechat date: Not scheduled for a telechat > > Summary: the document describes binding JSON Meta Application Protocol (JMAP) > over a WebSocket Transport Layer (instead the current HTTP layer) > > The document is written very clear. I think it is ready with a few questions. > > 1. The current practice of binding JMAP over HTTP requires authentication for > every request, vs. over WebSocket Transport only requires authentication at the > initial OPEN step. What if there is Man in the Middle attack after the initial > OPEN? > > 2. In the Introduction you stated that compression for HTTP requests has very > low deployment. Is it because HTTP request only has very small packet size, > therefore with very little benefit of compression? > > Major issues: > > Minor issues: > > Nits/editorial comments: > > Best Regards, > Linda Dunbar > > _______________________________________________ > Gen-art mailing list > Gen-art@xxxxxxxx > https://www.ietf.org/mailman/listinfo/gen-art -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
