Last Call Review of draft-ietf-core-senml-more-units-02
review-ietf-core-senml-more-units-02-secdir-lc-smyslov-2019-10-22-00

Request Review of draft-ietf-core-senml-more-units
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-10-30
Requested 2019-10-16
Authors Carsten Bormann
Draft last updated 2019-10-22
Completed reviews Genart Last Call review of -02 by Linda Dunbar (diff)
Secdir Last Call review of -02 by Valery Smyslov (diff)
Assignment Reviewer Valery Smyslov
State Completed
Review review-ietf-core-senml-more-units-02-secdir-lc-smyslov-2019-10-22
Posted at https://mailarchive.ietf.org/arch/msg/secdir/onRL1bwBWYgIBn62h_w0MufNztc
Reviewed rev. 02 (document currently at 04)
Review result Ready
Review completed: 2019-10-22

Review
review-ietf-core-senml-more-units-02-secdir-lc-smyslov-2019-10-22

Reviewer: Valery Smyslov	
Review result: Ready

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This is a short document that defines additional measurement units
and subunits to be used in SenML (RFC8428). As such the primary
purpose of the document is to request IANA to update "SenML Units" 
registry and to create a new one - a "secondary units" sub-registry.

The document doesn't define any actual protocol. The Security
Considerations section refers to RFC8428, since introduction
of new measurement units is believed to not bring any 
new security implications.


Nit (not related to security). In para:

   SenML packs MAY, but SHOULD NOT, use secondary units in place of
   SenML units, where the exception of the "SHOULD NOT" lies in the
   context of specific existing data models that are based on these
   secondary units.

I think that uppercase "MAY" is redundant here, because using 
"SHOULD NOT" always assumes that there may be exceptions.