[secdir] Secdir last call review of draft-ietf-cbor-7049bis-14
Yaron Sheffer via Datatracker <noreply@ietf.org> Mon, 10 August 2020 09:00 UTC
From: Yaron Sheffer via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: cbor@ietf.org, last-call@ietf.org, draft-ietf-cbor-7049bis.all@ietf.org
Message-ID: <159705005508.2366.4819563096010229406@ietfa.amsl.com>
Reply-To: Yaron Sheffer <yaronf.ietf@gmail.com>
Date: Mon, 10 Aug 2020 02:00:55 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/gGX-FMhIabo5TQjkl6ptenW3nzk>
Subject: [secdir] Secdir last call review of draft-ietf-cbor-7049bis-14

Reviewer: Yaron Sheffer
Review result: Has Nits

This is an editorial, fully compatible update of RFC 7049 (the CBOR encoding).

The Security Considerations have been significantly expanded, and they make sense to me. However, while the prose is all sensible, it doesn't seem like the best practical guidance for implementers. I would have appreciated a bullet list of potential implementation pitfalls, as well as a bullet list of decoder validation capabilities, such as are alluded to by the last sentence of the section. Upon a quick read, it is not even clear to me which parts of Sec. 5 are required/expected in a validating-mode decoder.