I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at
<https://wiki.ietf.org/en/group/gen/GenArtFAQ>.

Document: draft-deshpande-secevent-http-multi-set-push-00
Reviewer: Russ Housley
Review Date: 2025-11-04
IETF LC End Date: unknown
IESG Telechat date: unknown


Summary: Not Ready

Thanks for addressing my earlier comments on -08 of this document.


Major Concerns:

Section 4:  Is TLS mutual authentication needed?  What harm takes place
if mutual authentication is not employed?

Section 7: Some of the topics in the Security Considerations of RFC 8935
are not covered here. Is the intent to use TLS in lieu of the approach in
RFC 8935?  If so, please state that clearly.

In Section 7.3, please say more.  
  a) Are there any requirements for particular cipher suites?
  b) For implementations that support TLS 1.3, point to the
     Security Considerations of TLS 1.3; see [I-D.ietf-tls-rfc8446bis].


Minor Concerns:

Section 6 should be toward the front of the document.


Nits:

Please do not underline figure captions.  Example:

   _Figure 1: Example of SET Transmission_

Section 3.3: s/previously transmitted SETs/previously transmitted SETs./