https://github.com/anewton1998/draft-regext-rdap-extensions/issues/58

>> Section 4.4, paragraph 3
>> 2.  Normative references, i.e. references to materials that are required for 
>> the interoperability of the extension, should be stable and non-changing.

> Isn't this what rfc3967 actually defines, so basically stating the obvious? 
> For extensions defined by RFC this requirement seems to be not needed. For 
> others I would reverse this sentence that the specification shall use 
> normative references as per rfc3967 wherever it is required.

[JS] Fair point. But repeating for tighter extensions can only be helpful.

>> Section 4.4, paragraph 2
>> 3.  Extension specifications should strongly consider making the use of 
>> HTTPS with RDAP mandatory if appropriate.

> rfc7480 Section 7 mandates https supported by the server. So basically it is 
> about effectively forbidding unencrypted HTTP in some cases. I would suggest 
> to rephrase this part to say:

```
Extension specifications SHOULD be very clear whether RDAP
requests and responses related to the extension can be exchanged
over an unencrypted http connection. Extension specification MUST
mandate use of HTTPS in its Security Considerations if unencrypted
http data exchange would pose security or privacy risks.
```

[JS] Thanks, would incorporate this verbiage.

>> But maybe a reference to rfc7481 is just enough.

[JS] Add that as well.
_______________________________________________
regext mailing list -- regext@ietf.org
To unsubscribe send an email to regext-le...@ietf.org
