It looks like the document previously got review from HTTP WG, and generally looks well thought out. However, I'm not sure why only TCP and TLS are discussed in https://datatracker.ietf.org/doc/html/draft-ietf-netconf-http-client-server-16#section-2.1.2.2. Is the intention that network protocols like QUIC can be "augmented" in? I suspected that, but in that case, it should be mentioned the same way Basic auth is explicitly mentioned to be only one of the ways auth can happen with a MAY for other schemes: https://datatracker.ietf.org/doc/html/draft-ietf-netconf-http-client-server-16#section-2.1.2.1-4.4