Last Call Review of draft-ietf-geojson-02
review-ietf-geojson-02-secdir-lc-shore-2016-05-26-00
| Request | Review of | draft-ietf-geojson |
|---|---|---|
| | Requested revision | No specific revision (document currently at 04) |
| | Type | Last Call Review |
| | Team | Security Area Directorate (secdir) |
| | Deadline | 2016-05-31 |
| | Requested | 2016-05-19 |
| | Authors | H. Butler, M. Daly, A. Doyle, Sean Gillies, T. Schaub, Stefan Hagen |
| | Draft last updated | 2016-05-26 |
| | Completed reviews | Genart Last Call review of -02 by Meral Shirazipour; Secdir Last Call review of -02 by Melinda Shore |
| Assignment | Reviewer | Melinda Shore |
| | State | Completed Snapshot |
| | Review | review-ietf-geojson-02-secdir-lc-shore-2016-05-26 |
| | Reviewed revision | 02 (document currently at 04) |
| | Result | Has Issues |
| | Completed | 2016-05-26 |

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

(note: I was assigned the -02 revision of the document, but the -03
version was just issued and I am reviewing that).

Summary: this document is ready, with minor issues

This document describes a JSON format for representing geospatial
data. It recommends a single coordinate reference system and does
not appear to be readily extensible to other coordinate reference
systems, but I'll assume that this has been addressed and resolved
by the responsible AD, etc. if it's actually a problem.

The security considerations section is brief and refers the reader
to the core JSON specification. The second paragraph of the
security considerations section may have minor issues in that it
says "if sensitive data requires privacy or integrity protection the
service must be provided externally." It may be appropriate, and
provide additional clarity, to distinguish between protection of
data in flight and data at rest (the IETF does not typically deal
with protection of the latter). It may be sufficient to make the
word "externally" go away and replace it with something more specific -
for example,

"if sensitive data require privacy or integrity protection
those must be provided by the transport, for example TLS or
HTTPS."

Otherwise, looks ready.

Melinda