Document: draft-ietf-webdav-rfc2518bis-18.txt Reviewer: Elwyn Davies Review Date: 05/03/2007 IESG Telechat date: 8 March 2007 Summary: All my significant issues with -17 have been fixed in -18, and I believe this is ready to go for PS. There are a couple of residual consistency points that can be cleaned up in RFC Editing - see below. The 'allprop' one is significant and needs fixing IMO. Comments: Treatment of 'allprop': Appendix F.1 is now consistent with s9.1 regarding which properties are returned by 'allprop', but the wording of the definition in s14.2 is still inconsistent in that it does not mention properties defined in other documents. I think that s14.2 should also make a requirement that 'other documents' explicitly say whether a property is to be returned with 'allprop'. The examples in 9.1.5 and s9.1.6 also fail to state the possibility of returning properties defined in other documents - I suggested that the example in s9.1.6 could be used to illustrate this. s21 IANA Considerations: I believe that it would be helpful to clarify that this is a formalization of previous registrations spread across RFC 2518, RFC 4229 and RFC 4395. IANA therefore needs to update the references but not register anything new. My original comment was: The various items here do not require new registrations as they were all registered as a result of RFC 2518 (and RFC 4229). This document updates the registrations (and in a sense formalizes them since RFC 2518 did not have an IANA Considerations section explicitly). s21.1 should refer to RFC 4395 which controls the URI Scheme registry. s21.3 should refer to RFC 4229 which formalized the initial state of the message header field registrations. It occurs to me that I did not check if there are any message headers which were in RFC 2518 but are now dropped - if so this should probably be recorded here. Potential security implications of lockdiscovery: This issue was fixed by a change to s15.8. I think it would be useful to flag this in s6.8 by adding the phrase "subject to security and privacy constraints" to the end of the first sentence. Consideration should also be given to changing the title of s20.4 to "Security and Privacy Issues Connected to Locks". s9.2: I thought that the term 'document order' was going to be removed as it isn't clear what it means. (It might be clearer to an XML afficionado).