Skip to main content

Last Call Review of draft-ietf-mediaman-toplevel-03

Request Review of draft-ietf-mediaman-toplevel
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2023-09-11
Requested 2023-08-28
Authors Martin J. Dürst
I-D last updated 2023-10-19
Completed reviews Intdir Last Call review of -03 by Antoine Fressancourt (diff)
Secdir Last Call review of -03 by Radia Perlman (diff)
Assignment Reviewer Radia Perlman
State Completed
Request Last Call review on draft-ietf-mediaman-toplevel by Security Area Directorate Assigned
Posted at
Reviewed revision 03 (document currently at 05)
Result Ready
Completed 2023-10-12
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

I would classify this document as "no issues".

In the list of MIME types (which we're now supposed to call "Media Types"
to reflect the fact that they are not just for email anymore), there are
hierarchical names for the various types including things like
"application/pkix-cert" or "image/bmp". There are thousands of IANA
registered types like this under a handful of top level types:










This document describes under what circumstances one would want to create a
new top level media type (as opposed to a new subtype under one of the
existing types). This document does not make it unambiguous as to what the
best approach is, and there is already a description in RFC 6838 which
seems adequate to me. It's not clear what the motivation for creating this
document now is, but as I said it is "mostly harmless".

It says under security considerations that it's up to the new type
specification to say what the security implications are for that type,
which seems about right to me.