Draft: draft-ietf-atompub-format-09
Reviewer: Lakshminath Dondeti [ldondeti@qualcomm.com]
Date: Wednesday 6/22/2005 1:10 PM CST
Summary: Ready with some suggestions for improvement

Review:

My XML knowledge goes as far as struggling to write I-Ds with it, so I am/was hoping others will review the document closely (and noticed earlier that Ted H has some comments). Here are some things that I noticed in my quick review of the text:

* The document can use a longer than 1 sentence abstract :-). Cutting and pasting text from the Introduction should do.

* In Section 1.1., please add a sentence or two about what the examples do, and compare and contrast -- again 1 or 2 sentences should do -- the first example with the second, in human-parseable words (something like, and that block of code prints "hello, world").

* Fast forwarding to the security considerations section, I am wondering, since Atom is talking about "feeds" (I translate to streams), whether replay attacks are an issue. Similar to the integrity attack, but simpler, an adversary could send an older copy of say a page of stock quotes and fool the user agent. This attack is easy enough to mitigate, as long as there is a date field in each "update," and the update is integrity protected. The recipient needs to make sure that the date is "current" (within some margin) and needs to keep track of the "latest" received date and discard all older versions, or needs to keep a hash of the received versions within the margin (to support out of order reception of various versions).

Hope that is helpful!

thanks and regards,
Lakshminath
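
The receiver-side replay check described in the review's last point, as an added example that is not part of the original review or of the Atom draft. It assumes an HMAC-SHA256 tag under a shared key as the integrity protection and a five-minute margin; KEY, MARGIN, ReplayGuard and the sample quotes are constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

KEY = b"constructed-demo-key"      # assumption: shared integrity key
MARGIN = timedelta(minutes=5)      # assumption: the "some margin" for currency

def encode(updated, body):
    return updated.isoformat().encode() + b"\n" + body

def sign(updated, body):
    """Integrity tag covering the date field and the content together."""
    return hmac.new(KEY, encode(updated, body), hashlib.sha256).digest()

class ReplayGuard:
    def __init__(self):
        self.latest = None         # newest accepted date
        self.seen = {}             # hash of accepted version -> its date

    def accept(self, updated, body, tag, now):
        if not hmac.compare_digest(tag, sign(updated, body)):
            return "reject: integrity"        # date is untrustworthy without this
        if abs(now - updated) > MARGIN:
            return "reject: not current"
        if self.latest is not None and updated < self.latest - MARGIN:
            return "reject: older than latest"
        digest = hashlib.sha256(encode(updated, body)).digest()
        if digest in self.seen:
            return "reject: replayed copy"    # same version already received
        self.seen[digest] = updated
        self.latest = updated if self.latest is None else max(self.latest, updated)
        # Hashes outside the margin are no longer needed: the date check rejects them.
        self.seen = {d: t for d, t in self.seen.items() if t >= self.latest - MARGIN}
        return "accept"

def demo():
    t = lambda h, m: datetime(2005, 6, 22, h, m, tzinfo=timezone.utc)
    q1, q2, q0 = b"ACME 10.00", b"ACME 10.50", b"ACME 9.90"   # constructed quotes
    g = ReplayGuard()
    return [
        g.accept(t(18, 8), q1, sign(t(18, 8), q1), now=t(18, 10)),   # fresh
        g.accept(t(18, 9), q2, sign(t(18, 9), q2), now=t(18, 10)),   # newer
        g.accept(t(18, 7), q0, sign(t(18, 7), q0), now=t(18, 10)),   # out of order, in margin
        g.accept(t(18, 8), q1, sign(t(18, 8), q1), now=t(18, 11)),   # replay inside margin
        g.accept(t(17, 0), q0, sign(t(17, 0), q0), now=t(18, 11)),   # old copy replayed
        g.accept(t(18, 11), q1, sign(t(18, 8), q1), now=t(18, 11)),  # date rewritten
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The hash table stays bounded because any version whose date falls outside the margin is already rejected by the date comparisons, so its hash can be dropped.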