I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at . Document: draft-ietf-httpbis-replay-02 Reviewer: Erik Kline Review Date: 2018-04-23 IETF LC End Date: 2018-04-23 IESG Telechat date: Not scheduled for a telechat Summary: This draft is basically ready for publication, but has nits that should be fixed before publication. These nits are mostly about satisfying my ignorance. Major issues: None Minor issues: None Nits/editorial comments: [1] Some bibliography are to old versions (TLS1.3 links to v21, current is v28). I assume that’ll just "fix itself" before publication. =) [2] Section 3, paragraph 1: not just session cookie, but non-zero max_early_data_size option? I couldn’t find explicit mention of max_early_data_size = 0 in TLS13v28, so perhaps it can’t be sent? [3] Section 3, paragraph LAST-1: “even if the server rejects the request” scans awkwardly to me in the context of "requests" in the first half of the sentence. “Even if the server ultimately rejects *one or more* of the requests by sending a 425...”? Perhaps I'm completely misreading something. [4] Section 4, paragraph 4: after “or if the same server accepts early data multiple times“ is there an implied “for the same session ticket” in the mind of the expected reader? Not sure if adding that is clarifying or redundant. [5] Section 6.1: “SHOULD disable early data” refers to connections toward servers (or next hops) or toward clients (or previous hops) or both? (I’m assuming the first, since doing so on a per-origin-server basis for incoming requests as they arrived would require examining SNI, but perhaps that's theoretically doable?)