Sensor Measurement Lists (SenML)
draft-ietf-core-senml-16

Thanks for addressing my DISCUSS and comments.

Thank you for addressing my DISCUSS by adding the additional text to section 13, and for addressing my other comments.

The change to section 13 is sufficient for me to clear the discuss, but I suggest adding a sentence to the following effect to the end of the new paragraph:

“Malicious use of SenML to change system state could have severe consequences, potentially including violation of physical security, property damage, and even loss of life."

Rich version of this review at:
https://mozphab-ietf.devsvcdev.mozaws.net/D4594







COMMENTS
>   
>   Abstract
>   
>      This specification defines media types for representing simple sensor
>      measurements and device parameters in the Sensor Measurement Lists
>      (SenML).  Representations are defined in JavaScript Object Notation

You're kind of burying the lede here. This document defines SenML, it
doesn't just define media type.


>      measurement every second, batch up 60 of them, and then send the
>      batch to a server.  It would include the relative time each
>      measurement was made compared to the time the batch was sent in each
>      SenML Record.  The server might have accurate NTP time and use the
>      time it received the data, and the relative offset, to replace the
>      times in the SenML with absolute times before saving the SenML Pack

You use "Pack" here before you define it in  S 3.


>      kinds of fields: base and regular.  The base fields can be included
>      in any SenML Record and they apply to the entries in the Record.
>      Each base field also applies to all Records after it up to, but not
>      including, the next Record that has that same base field.  All base
>      fields are optional.  Regular fields can be included in any SenML
>      Record and apply only to that Record.

It looks like it's permissible to intermix Base and Regular fields in
the same record. Assuming that's so, it would be helpful to say so.


>         ("vs" for "String Value") and binary data ("vd" for "Data Value").
>         Exactly one value field MUST appear unless there is Sum field in
>         which case it is allowed to have no Value field.
>   
>      Sum:  Integrated sum of the values over time.  Optional.  This field
>         is in the unit specified in the Unit value multiplied by seconds.

This text is hard to read, but the dimensional analysis seems
potentially wrong, for at least some measurements. I assume you're
thinking of something like watts and watt-hours. but if the value is
for instance bits, then "bit-seconds" is not a meaningful unit, and
yet you might want to sum these.


>   
>      The SenML format can be extended with further custom fields.  Both
>      new base and regular fields are allowed.  See Section 12.2 for
>      details.  Implementations MUST ignore fields they don't recognize
>      unless that field has a label name that ends with the '_' character
>      in which case an error MUST be generated.

How does this map to CBOR? I see you explain this later, but here
would be helpful


>      concatenated name MUST consist only of characters out of the set "A"
>      to "Z", "a" to "z", "0" to "9", "-", ":", ".", "/", and "_";
>      furthermore, it MUST start with a character out of the set "A" to
>      "Z", "a" to "z", or "0" to "9".  This restricted character set was
>      chosen so that concatenated names can be used directly within various
>      URI schemes (including segments of an HTTP path with no special

Assuming I am understanding this correctly, then "/" is a problem
inside a path component.


>      specified above puts strict limits on the URI schemes and URN
>      namespaces that can be used.  As a result, implementers need to take
>      care in choosing the naming scheme for concatenated names, because
>      such names both need to be unique and need to conform to the
>      restricted character set.  One approach is to include a bit string
>      that has guaranteed uniqueness (such as a 1-wire address).  Some of

citation for 1-wire please.


>                      | Encoding | Size | Compressed Size |
>                      +----------+------+-----------------+
>                      | JSON     |  573 |             206 |
>                      | XML      |  649 |             235 |
>                      | CBOR     |  254 |             196 |
>                      | EXI      |  161 |             184 |

Compression not working out so well for EXI


>   
>      To select a single SenML Record, the "rec" scheme followed by a
>      single number is used.  For the purpose of numbering records, the
>      first record is at position 1.  A range of records can be selected by
>      giving the first and the last record number separated by a '-'
>      character.  Instead of the second number, the '*' character can be

This is an odd notation as * usually means "all". Why not just omit
the terminal #?


>   
>      New entries can be added to the registration by Expert Review as
>      defined in [RFC8126].  Experts should exercise their own good
>      judgment but need to consider that shorter labels should have more
>      strict review.  New entries should not be made that counteract the
>      advice at the end of Section 4.4.

Note that you say earlier that you don't expect to define new CBOR
integers. That should probably be repeated here.


>      Sensor data can range from information with almost no security
>      considerations, such as the current temperature in a given city, to
>      highly sensitive medical or location data.  This specification
>      provides no security protection for the data but is meant to be used
>      inside another container or transport protocol such as S/MIME
>      [RFC5751] or HTTP with TLS [RFC5246] that can provide integrity,

This is the wrong citation for HTTP over TLS. That's RFC 2818.


>      We would like to thank Alexander Pelov, Alexey Melnikov, Andrew
>      McClure, Andrew McGregor, Bjoern Hoehrmann, Christian Amsuess,
>      Christian Groves, Daniel Peintner, Jan-Piet Mens, Jim Schaad, Joe
>      Hildebrand, John Klensin, Karl Palsson, Lennart Duhrsen, Lisa
>      Dusseault, Lyndsay Campbell, Martin Thomson, Michael Koster, Peter
>      Saint-Andre, Roni Even, and Stephen Farrell, for their review

Nit: no comma after Farrell