> > Section 11: RFC6819 is a normative reference, but it is Informational.
> We need to call that out in the IETF Last Call, and I have to approve the
> downref (which I will do).

Looking at the text in the document that references this RFC, it does not look like any of these references are normative references. I think this should be moved to the informative section.

Regards,
Rifaat

On Thu, Jan 16, 2025 at 9:27 AM Deb Cooley <debcool...@gmail.com> wrote:

> Here are the comments on my AD review of this draft. Most of them will be
> easy to fix, except for the normative references to changeable standards:
>
> General: There are more than a couple of Normative references that are
> pointing to 'living documents'. From my reading of the draft these
> include: Cookie Prefixes, Fetch, Web-messaging, service-workers,
> webstorage. If at all possible, we need to find a way to specify a
> particular version via commit, snapshot, archive to make an immutable
> version. Or find a way to make them Informative. Basically this draft
> will be an RFC - immutable, yet a few of the Normative references are
> changeable.
>
> BCP 14 boilerplate: idnits (a little blue button '! Nits' on the line
> above the text of the draft on the main datatracker page) is throwing
> errors on the BCP14 boilerplate. Ideally, I'd like these fixed before
> moving this along (it just eliminates problems down the road).
>
> Section 6.1.3.2, para 4: '...the BFF SHOULD encrypt its cookie contents.'
> Why not a MUST? Under what circumstances would it be reasonable to ignore
> this SHOULD?
>
> Section 6.1.3.2, last para: Add this to the (Informative) references.
>
> Section 6.3.4.2.2, first para: Add 'CrytoKeyPair' to the (Informative)
> references.
>
> Section 7.4, first para, last sentence: Nit: 'This restrictions' should
> either be 'these restrictions' or 'this restriction'.
>
> Section 11: RFC6819 is a normative reference, but it is Informational.
> We need to call that out in the IETF Last Call, and I have to approve the
> downref (which I will do).
>
> Deb
> Sec AD for oauth
>