[secdir] Secdir last call review of draft-ietf-cbor-7049bis-14

Yaron Sheffer via Datatracker <noreply@ietf.org> Mon, 10 August 2020 09:00 UTC

From: Yaron Sheffer via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: cbor@ietf.org, last-call@ietf.org, draft-ietf-cbor-7049bis.all@ietf.org
Message-ID: <159705005508.2366.4819563096010229406@ietfa.amsl.com>
Reply-To: Yaron Sheffer <yaronf.ietf@gmail.com>
Date: Mon, 10 Aug 2020 02:00:55 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/gGX-FMhIabo5TQjkl6ptenW3nzk>

Reviewer: Yaron Sheffer
Review result: Has Nits

This is an editorial, fully compatible update of RFC 7049 (the CBOR encoding).

The Security Considerations have been significantly expanded, and they make
sense to me. However, while the prose is all sensible, it doesn't seem like the
best practical guidance for implementers. I would have appreciated a bullet
list of potential implementation pitfalls, as well as a bullet list of decoder
validation capabilities, such as are alluded to by the last sentence of the
section. Upon a quick read, it is not even clear to me which parts of Sec. 5
are required/expected in a validating-mode decoder.
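As an added illustration of the kind of checklist the review asks for (this is example code written for this page, not code from the draft, from the reviewer, or from any CBOR implementation), the minimal Python decoder below pairs each of six concrete implementation pitfalls with the validation check that catches it: a declared length larger than the remaining input, non-minimal integer encoding, unbounded nesting, invalid UTF-8 in a text string, duplicate map keys, and trailing bytes after the top-level item. The depth cap MAX_DEPTH, the `strict` flag, the error strings and the restriction to major types 0-5 plus false/true/null are this example's own choices, not terms from the draft; the sample inputs at the bottom are constructed for the demo.

```python
"""Minimal validating CBOR decoder (added example, not from the draft or
the review).  Each check is tagged with the pitfall it guards against.
Supported: major types 0-5 and the simple values false/true/null.
Indefinite-length items, tags, floats and other simple values are
rejected as unsupported rather than silently accepted."""
import struct


class CBORError(ValueError):
    pass


MAX_DEPTH = 32  # assumption for this example: cap on array/map nesting


class Decoder:
    def __init__(self, data: bytes, strict: bool = True):
        self.buf = data
        self.pos = 0
        self.strict = strict  # strict: also require preferred (minimal) int encoding

    def _take(self, n: int) -> bytes:
        # Pitfall 1: never allocate or slice from a declared length before
        # checking it against the bytes actually present.
        if n > len(self.buf) - self.pos:
            raise CBORError(f"declared length {n} exceeds remaining input")
        out = self.buf[self.pos:self.pos + n]
        self.pos += n
        return out

    def _head(self):
        ib = self._take(1)[0]
        major, info = ib >> 5, ib & 0x1F
        if info < 24:
            return major, info
        if info == 31:
            raise CBORError("indefinite-length items not accepted")
        if major == 7:
            raise CBORError("floats / extended simple values not supported here")
        if info > 27:
            raise CBORError(f"reserved additional info {info}")
        width = 1 << (info - 24)
        (arg,) = struct.unpack(">" + "BHIQ"[info - 24], self._take(width))
        # Pitfall 2: a value encoded wider than necessary (e.g. 0x18 0x05 for 5)
        # defeats deterministic encoding and byte-comparison of encoded items.
        threshold = 24 if width == 1 else 1 << (4 * width)
        if self.strict and arg < threshold:
            raise CBORError("non-minimal integer encoding")
        return major, arg

    def _item(self, depth: int):
        # Pitfall 3: unbounded recursion on deeply nested arrays/maps.
        if depth > MAX_DEPTH:
            raise CBORError("nesting too deep")
        major, arg = self._head()
        if major == 0:
            return arg
        if major == 1:
            return -1 - arg
        if major == 2:
            return self._take(arg)
        if major == 3:
            try:
                return self._take(arg).decode("utf-8")
            except UnicodeDecodeError as e:
                # Pitfall 4: text strings carrying invalid UTF-8.
                raise CBORError("invalid UTF-8 in text string") from e
        if major in (4, 5):
            # Each element costs at least one byte, so bound the count before
            # any preallocation (Pitfall 1 again, for containers).
            if arg * (2 if major == 5 else 1) > len(self.buf) - self.pos:
                raise CBORError("container length exceeds remaining input")
        if major == 4:
            return [self._item(depth + 1) for _ in range(arg)]
        if major == 5:
            out, seen = {}, set()
            for _ in range(arg):
                k = self._item(depth + 1)
                if isinstance(k, (list, dict)):
                    raise CBORError("array/map keys not supported in this example")
                # Pitfall 5: duplicate keys; decoders disagree on which value wins.
                # (type, value) keeps 1 and True distinct despite Python hashing.
                if (type(k), k) in seen:
                    raise CBORError(f"duplicate map key {k!r}")
                seen.add((type(k), k))
                out[k] = self._item(depth + 1)
            return out
        if major == 6:
            raise CBORError("tags not supported in this example")
        simple = {20: False, 21: True, 22: None}
        if arg in simple:
            return simple[arg]
        raise CBORError(f"unsupported simple value {arg}")

    def decode(self):
        value = self._item(0)
        # Pitfall 6: trailing bytes after a complete item are often ignored.
        if self.pos != len(self.buf):
            raise CBORError(f"{len(self.buf) - self.pos} trailing byte(s)")
        return value


def decode(data: bytes, strict: bool = True):
    return Decoder(data, strict).decode()


def check(data: bytes, strict: bool = True) -> str:
    """Return 'ok' or the validation error message."""
    try:
        decode(data, strict)
        return "ok"
    except CBORError as e:
        return str(e)


# Constructed sample inputs for the demo, one per pitfall.
SAMPLES = {
    "well-formed map":       bytes.fromhex("a2 6161 01 6162 02"),
    "huge declared length":  b"\x5b" + b"\xff" * 8,
    "non-minimal int":       b"\x18\x05",
    "deep nesting":          b"\x81" * 40 + b"\x00",
    "invalid utf-8":         b"\x62\xff\xfe",
    "duplicate key":         bytes.fromhex("a2 01 02 01 03"),
    "trailing byte":         b"\x01\x02",
    "indefinite array":      b"\x9f\x01\xff",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:22s} -> {check(data)}")
```

The `strict` flag separates checks that are about well-formedness (length, depth, UTF-8, trailing data) from the one that is about deterministic encoding (minimal integers); a decoder that only needs to be safe can run with `strict=False`, while one that compares or signs encoded items needs the strict mode.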