initial editorial comments

[m4mb01t4l14n0]

Abstract: ... there is no existing way for the origin to share such a nonce without exposing the fact that they serve resources ...

s/they serve/it serves

Also, some might consider this a run-on sentence. An abstract's brevity might condone such behavior, of course.

Section 1: Here I think it's better to have shorter sentences. I support directly stating that non-probability is a key feature, but I feel that requires an explanation. I don't have better wording yet - will consider and propose later. I find the second paragraph a bit abrupt having just stated the reasons non-probability is useful. There needs to be a caveat here, thus: "There are scenarios where servers may want to expose that authentication is required for access to specific resources. This is left for future work."

Section 5: ...HTTP intermediaries that support this specification will validate the authentication received from the client themselves, then let the upstream HTTP server using some other mechanism....

incomplete sentence. Likely "...let the upstream HTTP server AUTHENTICATE THE CLIENT using some other mechanism."

[DavidSchinazi]

Thanks! Fixed via 51404e94ab0180e6d15556af7d20a1e30388a6db