
Last Call Review of draft-ietf-cbor-edn-literals-09
review-ietf-cbor-edn-literals-09-secdir-lc-shekh-yusef-2024-05-27-00

Request
  Review of: draft-ietf-cbor-edn-literals
  Requested revision: No specific revision (document currently at 12)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2024-06-05
  Requested: 2024-05-22
  Authors: Carsten Bormann
  I-D last updated: 2024-05-27
  Completed reviews:
    Opsdir Last Call review of -09 by Linda Dunbar
    Genart Last Call review of -09 by Joel M. Halpern
    Secdir Last Call review of -09 by Rifaat Shekh-Yusef
Assignment
  Reviewer: Rifaat Shekh-Yusef
  State: Completed
  Request: Last Call review on draft-ietf-cbor-edn-literals by Security Area Directorate (Assigned)
  Posted at: https://mailarchive.ietf.org/arch/msg/secdir/mJ48Y2vyRoNSnHfXR12tsz0lo7U
  Reviewed revision: 09 (document currently at 12)
  Result: Has nits
  Completed: 2024-05-27
In CBOR, Extended Diagnostic Notation (EDN) is a diagnostic format that is
used to facilitate documentation and debugging.

RFC8949, section 8, explicitly states these diagnostics are not meant to be
parsed, which means that these diagnostics do not introduce any new security
issues.

This document describes how to add application-specific extensions to EDN. The
security section of this draft does not discuss the implication of this
directly, but instead points to RFC8610 and RFC8949. Because, as stated above,
these diagnostics are not meant to be parsed, this document implies that there
are no new security implications associated with these new extensions.

If this is the case, it would be nice to add a sentence or two to help the
reader get to this conclusion directly, instead of just pointing the reader to
the other documents.