Last Call Review of draft-ietf-cbor-edn-literals-09
review-ietf-cbor-edn-literals-09-secdir-lc-shekh-yusef-2024-05-27-00
Request | Review of | draft-ietf-cbor-edn-literals |
---|---|---|
Requested revision | No specific revision (document currently at 12) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2024-06-05 | |
Requested | 2024-05-22 | |
Authors | Carsten Bormann | |
I-D last updated | 2024-05-27 | |
Completed reviews | Opsdir Last Call review of -09 by Linda Dunbar; Genart Last Call review of -09 by Joel M. Halpern; Secdir Last Call review of -09 by Rifaat Shekh-Yusef | |
Assignment | Reviewer | Rifaat Shekh-Yusef |
State | Completed | |
Request | Last Call review on draft-ietf-cbor-edn-literals by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/mJ48Y2vyRoNSnHfXR12tsz0lo7U | |
Reviewed revision | 09 (document currently at 12) | |
Result | Has nits | |
Completed | 2024-05-27 |
In CBOR, Extended Diagnostic Notation (EDN) is a diagnostic format that is used to facilitate documentation and debugging. RFC8949, section 8, explicitly states these diagnostics are not meant to be parsed, which means that these diagnostics do not introduce any new security issues. This document describes how to add application-specific extensions to EDN. The security section of this draft does not discuss the implication of this directly, but instead points to RFC8610 and RFC8949. Because, as stated above, these diagnostics are not meant to be parsed, this document implies that there are no new security implications associated with these new extensions. If this is the case, it would be nice to add a sentence or two to help the reader get to this conclusion directly, instead of just pointing the reader to the other documents.