Last Call Review of draft-nottingham-rfc7320bis-02

Request Review of draft-nottingham-rfc7320bis
Requested rev. no specific revision (document currently at 03)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-12-16
Requested 2019-11-18
Authors Mark Nottingham
Draft last updated 2019-12-24
Completed reviews Opsdir Last Call review of -02 by Qin Wu (diff)
Genart Last Call review of -02 by Robert Sparks (diff)
Secdir Last Call review of -02 by Donald Eastlake (diff)
Tsvart Last Call review of -02 by Joseph Touch (diff)
Assignment Reviewer Donald Eastlake
State Completed
Review review-nottingham-rfc7320bis-02-secdir-lc-eastlake-2019-12-24
Posted at
Reviewed rev. 02 (document currently at 03)
Review result Has Nits
Review completed: 2019-12-14


I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. Document
editors and WG chairs should treat these comments just like any other last
call comments.

The summary of the review is Ready with Nits.

This draft looks fine from a security point of view. I agree with the
Security Considerations that the draft prohibits some URI specification
practices that could lead to security problems.

However, maybe I was being dense, but I found it pretty hard to grasp the
details of exactly what the draft was saying. No doubt someone who lives in
the world of URIs all the time would have had an easier time. Nevertheless,
I think the draft would be vastly improved by adding 10 to 20 examples
showing URIs that are both good and bad rather than having only descriptive
text of what were good and bad practices. At least I think that would make
it much easier for me to have understood and reduced, perhaps to one, the
number of times I needed to read the draft to feel that I really understood

 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA