Magnus Westerlund has entered the following ballot position for draft-ietf-capport-api-07: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-capport-api/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Section 4.1: The API server endpoint MUST be accessed using HTTP over TLS (HTTPS) and SHOULD be served on port 443 [RFC2818]. I have another reason than Roman to discuss this particular sentence. First of all what is the intention of which HTTP version should be supported here? And which protocol are the port 443 you are recommending, TCP, UDP or SCTP? This also relates to HTTP/3 as it is getting close to being published, we can expect that in the future maybe people would like to upgrade to HTTP/3. Already now I am wondering if the written allow for HTTP/2 over TLS/TCP? Note, that I am mostly commenting from the perspective if you want to be specific that it is HTTP/1.1. over TLS/TCP that is the goal. Then this document should make certain changes in the formulation. If you want to be unspecific and don't think that will hurt interoperability, then another formulation that the current is also needed. Likely also a discussion about how a client will figure out what versions are supported. And maybe one of the ART ADs can help untangle if RFC 2818 really is the right normative reference here? Or if it should be RFC 7230 and possibly additional references for HTTP/2? _______________________________________________ Captive-portals mailing list Captive-portals@ietf.org https://www.ietf.org/mailman/listinfo/captive-portals