[Geojson] Stephen Farrell's No Objection on draft-ietf-geojson-03: (with COMMENT)
"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Wed, 01 June 2016 10:21 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: geojson@ietf.org
Delivered-To: geojson@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1])
by ietfa.amsl.com (Postfix) with ESMTP id 3C0F612D098;
Wed, 1 Jun 2016 03:21:24 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.21.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20160601102124.16044.92023.idtracker@ietfa.amsl.com>
Date: Wed, 01 Jun 2016 03:21:24 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/geojson/Ct8L42V8-eOfYLnCbOShrHSsJjU>
Cc: draft-ietf-geojson@ietf.org, martin.thomson@gmail.com,
geojson-chairs@ietf.org, geojson@ietf.org
Subject: [Geojson] Stephen Farrell's No Objection on draft-ietf-geojson-03:
(with COMMENT)
X-BeenThere: geojson@ietf.org
X-Mailman-Version: 2.1.17
List-Id: IETF GeoJSON WG <geojson.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/geojson>,
<mailto:geojson-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/geojson/>
List-Post: <mailto:geojson@ietf.org>
List-Help: <mailto:geojson-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/geojson>,
<mailto:geojson-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jun 2016 10:21:24 -0000
Stephen Farrell has entered the following ballot position for draft-ietf-geojson-03: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-geojson/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- - The last bullet of section 3 says "any number of other members" and in general there are no limits here on size or complexity of the objects. (There are some should statements, which is good.) I wonder if there's a potential DoS vector there? Speculating, a DoS couuld be based on the CPU if calculations based on the object are complex, or it could be based on the size of the object being VERY BIG. Are either of those realistic? (I'm not saying they are, just asking.) I'm guessing it'd not make sense to have a max size to these things, but is there any guidance that you could offer to implementers or would it be good to say that implementations SHOULD have some maximum size (I don't care how you'd want to measure that) with a recommendation that it be able to handle things up to at least some nominated size? (Section 11.2 does talk about this for senders/creators but says nothing for recipients/readers.) - Section 10: I'd say it'd be good to add a reference to something that describes some of the privacy issues with objects such as these, and with potential mitigations, but more importantly calling out that naively "fuzzing" boundaries may not be as effective as seems at first the case. I took a quick look and didn't find anything that seems really good but maybe something like [1] would be a good reference. [1] http://www.sebastianzimmeck.de/riedererEtAlPhotograph2015ShortPaper.pdf
- [Geojson] Stephen Farrell's No Objection on draft… Stephen Farrell