
Last Call Review of draft-ietf-cbor-update-8610-grammar-05
review-ietf-cbor-update-8610-grammar-05-secdir-lc-sheffer-2024-05-26-00

Request
Review of: draft-ietf-cbor-update-8610-grammar
Requested revision: No specific revision (document currently at 06)
Type: IETF Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2024-06-05
Requested: 2024-05-22
Authors: Carsten Bormann
I-D last updated: 2024-11-18 (Latest revision 2024-06-24)
Completed reviews:
Genart IETF Last Call review of -05 by Roni Even (diff)
Artart IETF Last Call review of -05 by Gonzalo Salgueiro (diff)
Secdir IETF Last Call review of -05 by Yaron Sheffer (diff)

Assignment
Reviewer: Yaron Sheffer
State: Completed
Request: IETF Last Call review on draft-ietf-cbor-update-8610-grammar by Security Area Directorate Assigned
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/q2xPfbzchXFBcADTnJl_4FMhmT0
Reviewed revision: 05 (document currently at 06)
Result: Ready
Completed: 2024-05-26

This document describes the results of applying several errata to the CDDL
specification.

I concur with the Security Considerations section that the current document
likely has zero security implications beyond what's in RFC 8610.

I am clearly in the rough, but I'll say it anyway: from an implementer's
perspective, a document that repeats all of RFC 8610 with the errata
implemented (and clearly marked) would have been far superior to this one.
Instead, we now require an implementer to read and keep in sync RFC 8610, RFC
9165 as well as the current document.

Quoting from RFC 8610 itself: "Writers of CDDL specifications are strongly
encouraged to value clarity and transparency of the specification over its
elegance. Keep it as simple as possible while still expressing the needed data
model."

This reviewer is of the opinion that having to juggle three documents is
neither clear nor transparent.