Last Call Review of draft-ietf-geojson-02
review-ietf-geojson-02-secdir-lc-shore-2016-05-26-00
Request | Review of | draft-ietf-geojson |
---|---|---|
Requested revision | No specific revision (document currently at 04) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2016-05-31 | |
Requested | 2016-05-19 | |
Authors | H. Butler, M. Daly, A. Doyle, Sean Gillies, T. Schaub, Stefan Hagen | |
I-D last updated | 2016-05-26 | |
Completed reviews | Genart Last Call review of -02 by Meral Shirazipour; Secdir Last Call review of -02 by Melinda Shore | |
Assignment | Reviewer | Melinda Shore |
State | Completed | |
Request | Last Call review on draft-ietf-geojson by Security Area Directorate Assigned | |
Reviewed revision | 02 (document currently at 04) | |
Result | Has issues | |
Completed | 2016-05-26 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

(Note: I was assigned the -02 revision of the document, but the -03 version was just issued and I am reviewing that.)

Summary: this document is ready, with minor issues.

This document describes a JSON format for representing geospatial data. It recommends a single coordinate reference system and does not appear to be readily extensible to other coordinate reference systems, but I'll assume that this has been addressed and resolved by the responsible AD, etc. if it's actually a problem.

The security considerations section is brief and refers the reader to the core JSON specification. The second paragraph of the security considerations section may have minor issues in that it says "if sensitive data requires privacy or integrity protection the service must be provided externally." It may be appropriate, and provide additional clarity, to distinguish between protection of data in flight and data at rest (the IETF does not typically deal with protection of the latter). It may be sufficient to make the word "externally" go away and replace it with something more specific - for example, "if sensitive data require privacy or integrity protection those must be provided by the transport, for example TLS or HTTPS."

Otherwise, looks ready.

Melinda