Skip to main content

Last Call Review of draft-ietf-core-target-attr-05

Request Review of draft-ietf-core-target-attr
Requested revision No specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2023-08-06
Requested 2023-07-23
Authors Carsten Bormann
I-D last updated 2023-08-09
Completed reviews Secdir Last Call review of -05 by Christian Huitema (diff)
Genart Last Call review of -05 by Peter E. Yee (diff)
Intdir Telechat review of -05 by Pascal Thubert (diff)
Assignment Reviewer Christian Huitema
State Completed
Request Last Call review on draft-ietf-core-target-attr by Security Area Directorate Assigned
Posted at
Reviewed revision 05 (document currently at 06)
Result Ready
Completed 2023-08-09
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written with the intent of improving
security requirements and considerations in IETF drafts.  Comments
not addressed in last call may be included in AD reviews during the
IESG review.  Document editors and WG chairs should treat these
comments just like any other last call comments.

Summary: Ready

I have reviewed version 5 of draft-ietf-core-target-attr. This draft defines
the registry of target attributes for CoRE links. As stated in the Security
Sections, the registry itself does not introduce new security issues. Those
should be analyzed as part of the web linking specification (RFC 8288), the
link format for CoRE (RFC 6990), CoAP (RFC 7252), the CoRE resource directory
(RFC 9176), or the specifications of newly defined attributes.

The draft does not propose to use the registry as a control point before new
target attributes can be used, which is probably realistic as new target
attributes could be introduced outside of the IETF purview. The registry is
then just used to register these attributes, in order to avoid name collisions.
I suppose that the registration phase would provide an opportunity to document
security or privacy issues associated with new target attributes, and that any
such issues would be outlined in the expert review. Hopefully.