Note: This ballot was opened for revision 14 and is now closed.
Thank you for doing this work. It's impressive.
Authors also need to reply to the IANA review from Klaus Hartke. He has rejected some CoAP registrations as they currently stand (IANA ticket #1055261), and he hasn't heard back from the authors yet.
Thank you for addressing my DISCUSS by adding the additional text to section 13, and for addressing my other comments. The change to section 13 is sufficient for me to clear the discuss, but I suggest adding a sentence to the following effect to the end of the new paragraph: “Malicious use of SenML to change system state could have severe consequences, potentially including violation of physical security, property damage, and even loss of life."
Thanks for addressing my DISCUSS and comments.
Thank you for addressing my comments! I am changing my position to Abstain, because I am still uncomfortable with the possibility for non-hierarchical, interleaving use of base values, but recognize that the WG has consensus to do so, and I will not stand in the way. Original ballot text preserved below. DISCUSS I agree with Ben's DISCUSS. Additionally, I have serious reservations about introducing the concept of "base fields" that apply to subsequent array elemnets unless overridden. It seems to violate an abstraction barrier for at least some of the serialization formats, and prevents snippets from being composable and commutable absent the resolution/normalization process. It does not seem like the markup language and the document contain suffient safeguards against misuse to prevent security holes (both sensor data and commands could be misinterpreted). It seems that some substantially expanded text should be added on the hazards of the non-resolved format and giving guidance on when resolution/normalization must be performed in order to avoid correctness and security issues. There also seem to be sizeable risks associated with the semantics for time values. In particular, both with the use of an implicit-"now-ish", and with positive and negative values being interpreted with respect to a different absolute time base. (The involvement of base time is a further complication -- I do not remember any discussion of the interaction of a (positive) base time and a negative regular time, for example. I also do not remember any discussion of how the "now-ish" semantics make it actively harmful to do things like store-and-forward or archive SenML data (again, absent normalization), or what sort of granularity the "now-ish" semantics are expected to adhere to. (Is "yesterday" still considered "roughly now"?) I understand the desire for this sort of semantics, but the current specification seems to leave many potential problems exposed. COMMENT Section 4.4 Just "Considerations" is an unusual subject title. Having no Unit and no Base Unit is allowed, but you don't say what the semantics are in that case (presumably just a dimensionless counter for integers, with units not really being applicable to non-numeric types). Interestingly, Section 5.1.7 deems it fit to use "/" for the unit for a boolean value, even though "/" is supposed to be a (continuous/floating-point) ratio. Section 4.5 Just to double-check: you really do want to privilege this specification's version for eternity, for the purpose of being omitted from resolved records? Section 12.1 is there not some other units registry we can use? I fear begetting https://xkcd.com/927/ . Also, how is/should the table be sorted? Also in Section 12.1, number 9, is the need for case sensitivity in Units (or otherwise?) normatively covered anywhere? If not, should it? Section 12 Are Base fields supposed to get negative CBOR labels (and not other fields)? Is this mentioned explicitly somewhere? (Yes, I know that the intent is for no more CBOR lablels to be allocated, but that is only a SHOULD-level requirement.) In Extensions that are mandatory to understand to correctly process the Pack MUST have a label name that ends with the '_' character. should that say something about "mandatory to understand but not defined in this document"? (Also in 12.3.1 et seq?) Section 13 Why are we talking about "executable content" at all? It seems quite unrelated to the rest of the document.