Thank you for a clear specification of the way TEEP is tunneled through an HTTP Transport. ## Minor The list of boilerplate header fields in 4 might briefly mention why there is no point in providing a cache-control header (as is being suggested by RFC 9205). 5.1: What is an "API session"? This reviewer can probably guess, but would prefer not having to. 6.2: Why is this a SHOULD? Are there any adverse consequences of not doing that? What would be the reason to deviate from the SHOULD? ## Nits Obviously, by now RFC 9110 (draft-ietf-httpbis-semantics) and RFC 9205 (draft-ietf-httpbis-bcp56bis) have been published. Is there a difference between the end of 5.1 and the end of 5.2? Please indicate if these are the same, or if there is a subtle difference. 7 Bullet 8: pass -> passes