Last Call Review of draft-ietf-cbor-7049bis-14
review-ietf-cbor-7049bis-14-secdir-lc-sheffer-2020-08-10-00
Request | Review of | draft-ietf-cbor-7049bis |
---|---|---|
 | Requested revision | No specific revision (document currently at 16) |
 | Type | Last Call Review |
 | Team | Security Area Directorate (secdir) |
 | Deadline | 2020-08-14 |
 | Requested | 2020-07-24 |
 | Authors | Carsten Bormann, Paul E. Hoffman |
 | I-D last updated | 2020-08-10 |
 | Completed reviews | Genart Last Call review of -14 by Tim Evens; Secdir Last Call review of -14 by Yaron Sheffer; Iotdir Telechat review of -14 by Eve Schooler |
Assignment | Reviewer | Yaron Sheffer |
 | State | Completed |
 | Request | Last Call review on draft-ietf-cbor-7049bis by Security Area Directorate Assigned |
 | Posted at | https://mailarchive.ietf.org/arch/msg/secdir/gGX-FMhIabo5TQjkl6ptenW3nzk |
 | Reviewed revision | 14 (document currently at 16) |
 | Result | Has nits |
 | Completed | 2020-08-10 |
This is an editorial, fully compatible update of RFC 7049 (the CBOR encoding). The Security Considerations have been significantly expanded, and they make sense to me. However, while the prose is all sensible, it doesn't seem like the best practical guidance for implementers. I would have appreciated a bullet list of potential implementation pitfalls, as well as a bullet list of decoder validation capabilities, such as are alluded to by the last sentence of the section. Upon a quick read, it is not even clear to me which parts of Sec. 5 are required/expected in a validating-mode decoder.