[Cbor] Roman Danyliw's No Objection on draft-ietf-cbor-7049bis-14: (with COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 08 September 2020 21:55 UTC

From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-cbor-7049bis@ietf.org, cbor-chairs@ietf.org, cbor@ietf.org, Francesca Palombini <francesca.palombini@ericsson.com>, francesca.palombini@ericsson.com
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <159960212460.14731.6166470610948655056@ietfa.amsl.com>
Date: Tue, 08 Sep 2020 14:55:24 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/9-6c1k8eiUrH7nEeCexmkLkWoYA>
Subject: [Cbor] Roman Danyliw's No Objection on draft-ietf-cbor-7049bis-14: (with COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-cbor-7049bis-14: No Objection

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-cbor-7049bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I support Ben Kaduk’s DISCUSS position.

** Section 1.0. Is it possible to enumerate the fixed errata?

** Section 3.4.5.3.  For Tag 35, how does one know if the syntax is a PCRE or
ECMA regular expression?

** Section 3.4.5.3.  PCRE is the only informative reference of all of the tags
defined in this section (even ECMA is normative).  Please make it normative.

** Section 4.1.  As an implementer of an application, what is the takeaway
from this section?  I’m not following on the definition of “preferred”.

** Section 10.  Per “The input check itself may consume resources.  This is
usually linear in the size of the input, which means that an attacker has to
spend resources that are commensurate to the resources spent by the defender on
input validation.”  I’m not sure this is true for all types of resources.  For
example, with compute resources, as an attacker I can craft an input that will
take longer for the target to process than for me to produce.
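
The Section 10 comment turns on how much work an input check costs the defender. As an added illustration (not part of the original message or of the draft), this Python structure check for definite-length CBOR keeps that work linear in the input size by rejecting declared lengths that the remaining bytes cannot satisfy and by capping nesting. `MAX_DEPTH`, the function names, the sample input, and the choice to reject indefinite-length items are assumptions of this example; it does not check UTF-8 validity or tag content.

```python
class Malformed(ValueError):
    """Input is not well-formed or exceeds the resource budget."""

MAX_DEPTH = 64  # assumed policy limit, not a value taken from the draft

def _head(buf, pos):
    """Decode one item head; return (major type, argument, next position)."""
    if pos >= len(buf):
        raise Malformed("truncated head")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    if info > 27:  # 28-30 reserved; 31 (indefinite/break) rejected by this example
        raise Malformed("unsupported additional information")
    n = 1 << (info - 24)  # argument occupies 1, 2, 4 or 8 bytes
    if pos + n > len(buf):
        raise Malformed("truncated argument")
    return major, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def validate(buf, max_depth=MAX_DEPTH):
    """Return the number of data items visited, or raise Malformed."""
    pos, visited, pending = 0, 0, [1]  # pending[i] = items still owed at level i
    while pending:
        if pending[-1] == 0:
            pending.pop()
            continue
        pending[-1] -= 1
        major, arg, pos = _head(buf, pos)
        visited += 1
        remaining = len(buf) - pos
        if major in (2, 3):  # byte/text string: payload must actually be present
            if arg > remaining:
                raise Malformed("string length exceeds input")
            pos += arg
        elif major in (4, 5):  # array/map: every child needs at least one byte
            children = arg * (2 if major == 5 else 1)
            if children > remaining:
                raise Malformed("declared count exceeds input")
            if len(pending) >= max_depth:
                raise Malformed("nesting too deep")
            pending.append(children)
        elif major == 6:  # tag: exactly one more item follows
            pending[-1] += 1
    if pos != len(buf):
        raise Malformed("trailing bytes")
    return visited

# Constructed input: 9 bytes declaring an array of 2**64 - 1 elements.
HUGE_ARRAY = bytes.fromhex("9bffffffffffffffff")
```

Every loop iteration either consumes at least one input byte or pops a finished level, so `validate(HUGE_ARRAY)` raises `Malformed` after reading a single head instead of iterating or allocating for the declared count.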