Last Call Review of draft-ietf-geopriv-policy-uri-
review-ietf-geopriv-policy-uri-genart-lc-black-2011-11-30-2-00

Request Review of draft-ietf-geopriv-policy-uri
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2011-12-13
Requested 2011-11-30
Authors Richard Barnes, Martin Thomson, James Winterbottom, Hannes Tschofenig
Draft last updated 2011-11-30
Completed reviews Genart Telechat review of -?? by Suresh Krishnan
Genart Last Call review of -?? by David Black
Genart Last Call review of -?? by David Black
Genart Last Call review of -?? by David Black
Secdir Last Call review of -?? by Scott Kelly
Assignment Reviewer David Black
State Completed
Review review-ietf-geopriv-policy-uri-genart-lc-black-2011-11-30-2
Review completed: 2011-11-30

Review
review-ietf-geopriv-policy-uri-genart-lc-black-2011-11-30-2

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please wait for direction from your document shepherd
or AD before posting a new version of the draft.

Document: draft-ietf-geopriv-policy-uri-03
Reviewer: David L. Black
Review Date: November 22, 2011
IESG Telechat date: December 1, 2011

Summary: This draft is basically ready for publication, but has nits that
should be fixed before publication.

This draft specifies policy URIs for management of privacy policy for location
information obtained and maintained by Location Configuration Protocols (LCPs).
The draft is clear and well written.

All of the topics raised by the GenART review of the -02 version are addressed
in the -03 version, except that an unfortunate sentence structure has neutered
one of the agreed-to resolutions (PUT and DELETE requests SHOULD always be
rejected for http: URIs).

The following changes should be made to correctly capture the intent (this is
a normative change):

Section 7.1:
OLD
   If other means of protection are available, an "http:" URI MAY be used.
NEW
   If other means of protection are available, an "http:" URI MAY be used,
   but location servers SHOULD reject all PUT and DELETE requests for policy
   URIs that use the "http:" URI scheme.
END

Section 7.2:
OLD
      When neither application-layer or network-
      layer security is provided, location servers MUST reject requests
      using the PUT and DELETE methods, and SHOULD reject PUT and DELETE
      requests for policy URIs that use the "http:" URI scheme.
NEW
      When neither application-layer or network-
      layer security is provided, location servers MUST reject requests
      using the PUT and DELETE methods.
END

idnits 2.12.12 did not find anything that needs attention.

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
david.black at emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------