Last Call Review of draft-ietf-calext-jscontact-08
review-ietf-calext-jscontact-08-secdir-lc-atkins-2023-03-22-00

Request
  Review of: draft-ietf-calext-jscontact
  Requested revision: No specific revision (document currently at 17)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2023-03-17
  Requested: 2023-03-03
  Authors: Robert Stepanek, Mario Loffredo
  I-D last updated: 2023-03-22
  Completed reviews:
    Genart Last Call review of -08 by Reese Enghardt
    Secdir Last Call review of -08 by Derek Atkins
    Artart Last Call review of -07 by Martin J. Dürst

Assignment
  Reviewer: Derek Atkins
  State: Completed
  Request: Last Call review on draft-ietf-calext-jscontact by Security Area Directorate (Assigned)
  Posted at: https://mailarchive.ietf.org/arch/msg/secdir/PlAoxAVcEshQpVwUm3fR-tTmmWY
  Reviewed revision: 08 (document currently at 17)
  Result: Has nits
  Completed: 2023-03-16

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written with the intent of improving
security requirements and considerations in IETF drafts.  Comments
not addressed in last call may be included in AD reviews during the
IESG review.  Document editors and WG chairs should treat these
comments just like any other last call comments.

Summary:

* Have Nits

Details:

* Typo in 1.5.2:
   -2^53+1 <= value <= 2^^53-1, the safe range for integers stored in a
-- you probably don't want the double-^ here.

* In 1.5.4, I'm confused about the difference between "type" and
  "@type".  They both seem to be the "type of .. resource".  Perhaps
  the differences are explained later.  But it would behoove you to
  explain it a bit more here for those of us first coming to the spec.
  Once I got to 2.2.2 (name), where both are used, I THINK I see the
  difference: @type is used to specify the type of the object, whereas
  type is used to specify the sub-type of the data in the object.
  Personally I find this name overloading confusing.

* Section 2.2 (and others, I'm sure), I'm curious why you repeat
  object-types under the data sections.  For example, why repeat
  @type: Title under the heading "titles"?  You already know you're in
  the titles section, so it seems redundant (and non-normalized).
  Also, what are you supposed to do if the @type doesn't match?  For
  example:

   "titles": {
     "le9": {
       "@type": "Organization",
       "type": "title",
       "name": "Research Scientist"
     },

* Section 2.8.1 -- I finally found a place where @type is used as an
  object sub-type, to declare whether a date is a PartialDate or
  Timestamp -- but I don't see why you need to use @type vs type here.
  It seems to me you should use type to declare what kind of date it
  is, not @type.

* Section 2.8.3 -- Even here, you say @type is mandatory, but it
  doesn't exist in the example in Figure 34!  But this goes back to my
  previous comment that I think @type is redundant.  You already know
  you're dealing with notes so why add the @type:Note?

Note:  I did not read through the IANA Registry sections thoroughly.

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant
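
The "@type doesn't match" question under Section 2.2 and the safe integer range quoted from 1.5.2, shown as a consumer-side check. This is an added example, not part of the review or the draft. Assumptions: the strict flag-everything policy, the two-entry `EXPECTED_TYPE` map (built only from the titles/Title and notes/Note cases the review names), the function names, and the constructed sample, including its made-up `x-counter` and `note` properties.

```python
import json

# Assumption: expected "@type" per container, from the two cases the review
# names (titles -> Title, notes -> Note). Not a complete list.
EXPECTED_TYPE = {"titles": "Title", "notes": "Note"}
SAFE_MAX = 2**53 - 1  # bound of the safe integer range quoted from 1.5.2


def check_ints(value, path=""):
    """Walk parsed JSON and flag integers outside the safe range."""
    out = []
    if isinstance(value, bool):  # bool is an int subclass in Python; skip it
        return out
    if isinstance(value, int) and not -SAFE_MAX <= value <= SAFE_MAX:
        out.append((path, "integer outside safe range"))
    elif isinstance(value, dict):
        for key, item in value.items():
            out.extend(check_ints(item, f"{path}/{key}".lstrip("/")))
    elif isinstance(value, list):
        for idx, item in enumerate(value):
            out.extend(check_ints(item, f"{path}/{idx}".lstrip("/")))
    return out


def check_card(card):
    """Return (path, problem) findings. Hypothetical strict policy: a declared
    "@type" that disagrees with its container is flagged, never trusted."""
    findings = []
    for prop, expected in EXPECTED_TYPE.items():
        entries = card.get(prop, {})
        if not isinstance(entries, dict):
            findings.append((prop, "container is not an object"))
            continue
        for key, obj in entries.items():
            declared = obj.get("@type") if isinstance(obj, dict) else None
            if not isinstance(obj, dict):
                findings.append((f"{prop}/{key}", "entry is not an object"))
            elif declared is None:
                findings.append((f"{prop}/{key}", f"missing @type, expected {expected}"))
            elif declared != expected:
                findings.append((f"{prop}/{key}", f"@type {declared!r} != {expected!r}"))
    return findings + check_ints(card)


# Constructed sample: the review's "titles" entry, a note without "@type",
# and a made-up "x-counter" property holding 2^53.
SAMPLE = json.loads("""{
  "titles": {"le9": {"@type": "Organization", "type": "title", "name": "Research Scientist"}},
  "notes": {"n1": {"note": "constructed note"}},
  "x-counter": 9007199254740992}""")
```

Calling `check_card(SAMPLE)` returns one finding per problem, each with the path of the offending entry.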