Hi Robert,
Some replies and questions inline in BLUE.
Barry - there are several places below in Robert's and my comments
where we need your guidance, I think.
I'll try to turn out a new draft ASAP, but would appreciate Barry's and
Robert's guidance before posting it.
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic(_at_)gmail(_dot_)com
Winter 579 Park Place Saline, MI 48176 734-944-0094
Summer PO Box 221 Grand Marais, MI 49839 906-494-2434
On Fri, Nov 21, 2014 at 4:55 PM, Robert Sparks
<rjsparks(_at_)nostrum(_dot_)com> wrote:
I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
Please resolve these comments along with any other Last Call comments
you may receive.
Document: draft-mcdonald-ipps-uri-scheme-16
Reviewer: Robert Sparks
Review Date: 21-Nov-2014
IETF LC End Date: 25-Nov-2014
IESG Telechat date: 4-Dec-2014
Summary: Almost ready, but has nits that should be addressed before
publication as a Proposed Standard
Nits/editorial comments:
First: (For Barry as sponsoring AD and shepherd):
I think you might want to say more about how this and the related PWG
documents are being handled cross-organization.
An RFC that normatively updates a document under some other organization's
change control is an unusual thing. Usually there are parallel documents
coordinating this. Is there such a parallel PWG doc this time?
<ira> (Slight clarification of Mike Sweet's earlier reply)
No.
Generally speaking, the PWG IPP WG doesn't develop parallel documents for
publication by both the PWG (IEEE-ISTO) and IETF - there is no point. PWG
documents include IANA registration templates which go through the usual
registration process, independent of any IETF RFC publication.
However, since RFC 3510 is an IETF document that was produced by the (now
defunct) IETF IPP WG, and since this document is a parallel alternative to
RFC 3510 (and inherits most of the text of RFC 3510), we (the PWG IPP WG)
decided it should be submitted for publication by (and under the IP rules
of) the IETF rather than publishing it as a PWG standard. And Barry has
graciously agreed to shepard the document...
</ira>
Why aren't there RFC variants of the PWG docs (we've republished other
organization's documents in the RFC series before...)
<ira> (Expanding my earlier reply)
The later versions of the IPP protocol (2.0, 2.1, and 2.2) defined in
IEEE-ISTO PWG
5100.12 normatively depend on over twenty other PWG specs (IPP and
otherwise),
so republishing them as IETF RFCs is not feasible.
</ira>
Second: The 6 step construction in section 3 is a little odd. Why aren't
steps 3-5 collapsed into one step that says "go do what https: says to do"?
Split this way, especially with the repeated guidance in the security
considerations section pointing somewhat loosely to 7320 and 5246 for
things that "can be used to address this threat" looks like an opportunity
for someone to get creative with how they check the certificate supplied by
the server against the name in the URI. If you don't want anything but what
happens in https to happen, I think it needs to be more clearly stated.
Otherwise, doesn't this go off into RFC 6125 territory?
<ira>
We need some AD guidance from Barry here. We could collapse steps 3-5 to a
pointer to HTTPS, if that's preferable.
We don't want anyone to "get creative" in checking a certificate, so
guidance in
how to say that best would be appreciated.
</ira>
Lastly (and much smaller nits):
There are several callouts from the text that look like references that
are not represented in the references section.
ID nits complains about all of these, and should make them easy to find
and fix.
<ira>
I just ran ID Nits in the verbose mode and saved the output.
Unfortunately, the I-D submission checks didn't show any of these errors or
warnings.
We certainly need the extra boilerplate for the pre-RFC5378 work. Several
of the
original authors of RFC 2910 and RFC 2911 are dead or unreachable AFAIK.
These ID Nits may take a little while to fix...
</ira>
For example (from section 1.2):
2) Some existing IPP Client and IPP Printer implementations of HTTP
Upgrade [RFC 2717] do not perform upgrade at the beginning of
<ira>
That's a typo - should have been [RFC2817].
</ira>
This reference is oddly constructed - please check early with the RFC
Editor on whether they
will take this, or want something a little different.
[HTTP1.1] HTTP/1.1. See [RFC7230], [RFC7231], [RFC7232],
[RFC7233], [RFC7234], and [RFC7235].
<ira>
We'll remove this composite reference - it's only ever used (incorrectly)
in the acronyms appendix.
</ira>
This line is wrong, and is causing idnits to complain once where it
shouldn't.
(The thing in the [] should be RFC7235, not 4):
[RFC7234] Fielding, R., and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Authentication", RFC 7235, June 2014.
<ira>
Yes - it's a cut-and-paste typo.
</ira>