[secdir] Secdir review of draft-ietf-geojson-text-sequence-03

Tero Kivinen <kivinen@iki.fi> Thu, 19 January 2017 10:14 UTC

Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98BF2129428; Thu, 19 Jan 2017 02:14:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level:
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ljBgU7jOaIQG; Thu, 19 Jan 2017 02:14:04 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DACA6128B37; Thu, 19 Jan 2017 02:14:00 -0800 (PST)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id v0JADtIl005480 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 19 Jan 2017 12:13:55 +0200 (EET)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id v0JADtL0018738; Thu, 19 Jan 2017 12:13:55 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <22656.37219.134711.16896@fireball.acr.fi>
Date: Thu, 19 Jan 2017 12:13:55 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-geojson-text-sequence.all@ietf.org
X-Edit-Time: 11 min
X-Total-Time: 5 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/VYWPk-x35KWTKhQmlkgFhnOmaEU>
Subject: [secdir] Secdir review of draft-ietf-geojson-text-sequence-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jan 2017 10:14:05 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: This draft is ready.

This draft specifies how the text sequences in json can be used for
geographic data. Text sequences are way of splitting json in to pieces
so they can be parsed in smaller increments, and not requiring either
reading large json in and parsing it as one block, or using streaming
parser for json. Security considerations section refers to the
security considerations of json text sequences and geojson format.

I can see this helping in the security as writing streaming json
parser is much harder than normal json parser, and this allows using
normal json parser (which might have fixed max size for the input json
they accept) to be used even when processing very large datasets.
-- 
kivinen@iki.fi