[core] Secdir telechat review of draft-ietf-core-senml-more-units-05

Valery Smyslov via Datatracker <noreply@ietf.org> Thu, 20 February 2020 12:37 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: core@ietf.org
Delivered-To: core@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 639681200F7; Thu, 20 Feb 2020 04:37:05 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Valery Smyslov via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: last-call@ietf.org, draft-ietf-core-senml-more-units.all@ietf.org, core@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.118.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Valery Smyslov <valery@smyslov.net>
Message-ID: <158220222533.12408.17424909984121572707@ietfa.amsl.com>
Date: Thu, 20 Feb 2020 04:37:05 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/9OYdLEpAn6Z2qjF8NocPBnvh_pg>
Subject: [core] Secdir telechat review of draft-ietf-core-senml-more-units-05
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Feb 2020 12:37:06 -0000

Reviewer: Valery Smyslov
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

For some reason I've got the assignment to re-review this document past its
deadline (I've got the assignment today, 20 February, and the indicated
deadline for the review is 18 February, so I'm not sure whether this review is
still useful).

Anyway, the document has received some changes from -02 version which I
reviewed last time. In particular, Security Considerations section is enhanced
with the text describing a potential for a confusion about the proper unit to
use. While I'm not sure it's really a security condideration and not an
interoperability consideration, I agree that there are no additional threats
from security point of view.

And my concern about improper use of normative language is resolved.