Re: [secdir] secdir review of draft-ietf-json-rfc4627bis-07
Tobias Gondrom <tobias.gondrom@gondrom.org> Wed, 18 December 2013 15:55 UTC
Message-ID: <52B1C584.5060907@gondrom.org>
Date: Wed, 18 Dec 2013 15:55:48 +0000
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: draft-ietf-json-rfc4627bis.all@tools.ietf.org
References: <52101187.2060409@gondrom.org> <5293E22B.90705@gondrom.org> <52A2257C.30700@gondrom.org>
In-Reply-To: <52A2257C.30700@gondrom.org>
Cc: secdir-secretary@mit.edu, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-json-rfc4627bis-07
Hi all,

I re-reviewed the new doc version and did not see any changes related to my comments, nor did I receive any direct replies from the authors. (Note: this might well be due to some technical errors on the IETF mail server, which I think is fixed now.) As I am not sure whether my review email was received by the authors, here it is again.

Best regards, Tobias

as I am not sure whether these

On 06/12/13 19:29, Tobias Gondrom wrote:
> Hi all,
> as it seems my previous review email was not relayed to the secdir and
> iesg mailing-lists. Here it is again.
> Best regards, Tobias
>
>
> On 25/11/13 23:50, Tobias Gondrom wrote:
>> I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the
>> IESG. These comments were written primarily for the benefit of the
>> security area directors. Document editors and WG chairs should treat
>> these comments just like any other last call comments.
>>
>>
>> The document updates RFC4627 and aims for Standards Track.
>> It is about the JSON Data Interchange Format.
>>
>> This document appears ready for publication.
>>
>> It is good that we make the effort to incorporate the existing errata
>> into an updated RFC.
>>
>> Some small nits / thoughts (as comments, none of them a discuss):
>>
>> - section 1: you briefly explain strings, objects and arrays. Do you
>> maybe also want to make a brief statement about the range of allowed
>> numbers or point towards section 6? (Though this is not absolutely
>> necessary as you discuss the data types in more detail in sections 4-7.)
>>
>> - section 12. Security Considerations:
>> second paragraph: the point about the "eval()" function is a bit
>> shallow. It might be useful to discuss this a bit more and to spell
>> out what would be best practice instead of "use that language's
>> "eval()" function to parse JSON texts", as that "generally
>> constitutes an unacceptable security risk".
>>
>> - section 1 or 2:
>> it might be useful to spell out what exactly the most important
>> changes are in comparison to 4627 and why. Or mention that this would
>> be discussed in detail in Appendix A.
>>
>>
>> Best regards, Tobias
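The review above asks the draft to say more than "eval() is an unacceptable risk" and to spell out the best practice. The following JavaScript is an added illustration of that point, not text from the review or from the draft: it contrasts handing JSON text to the language's evaluator with handing it to a conforming JSON parser. All inputs are constructed for the example, and the marker function used to show that the evaluator ran something is an artefact of this demo, not anything the draft describes.

```javascript
// Added example (not from the secdir review or draft-ietf-json-rfc4627bis).
// Contrast an eval()-based "JSON parser" with a real one (JSON.parse).
// The lesson: eval() accepts the whole host language, so any text that
// happens to be a valid expression is executed; JSON.parse accepts only
// the JSON grammar and rejects everything else with a SyntaxError.

// Constructed sample input that is genuine JSON.
const validJson = '{"user": "alice", "roles": ["reader"], "n": 1.5e3}';

// Constructed sample input that is NOT JSON but IS a JavaScript expression.
// The marker function only records that it was called; it exists so the
// example can observe whether the evaluator executed untrusted text.
let markerCalled = false;
globalThis.__demoMarker = () => { markerCalled = true; return 'executed'; };
const nonJson = '{"user": __demoMarker()}';

// The pattern the draft warns against: the text is run as code.
function parseWithEval(text) {
  // Parentheses make a bare object literal parse as an expression.
  return eval('(' + text + ')');
}

// The best-practice replacement: a parser that implements only JSON.
function parseStrict(text) {
  return JSON.parse(text);
}

// Run both parsers on one input and report what each did.
function compareParsers(text) {
  const result = { evalOk: false, evalValue: undefined,
                   strictOk: false, strictValue: undefined, strictError: null };
  try {
    result.evalValue = parseWithEval(text);
    result.evalOk = true;
  } catch (e) {
    result.evalValue = String(e);
  }
  try {
    result.strictValue = parseStrict(text);
    result.strictOk = true;
  } catch (e) {
    result.strictError = e.name; // 'SyntaxError' for non-JSON input
  }
  return result;
}

// Helper for the test: did evaluating the non-JSON text run the marker?
function markerWasCalled() {
  return markerCalled;
}

// Stand-alone run: show that both parsers agree on real JSON, and that only
// the eval()-based one "succeeds" on the non-JSON text (by executing it).
console.log('valid JSON  :', JSON.stringify(compareParsers(validJson)));
console.log('non-JSON    :', JSON.stringify(compareParsers(nonJson)));
console.log('marker ran? :', markerWasCalled());
```

On the valid input both parsers return the same object (note that `1.5e3` becomes the number 1500 either way). On the non-JSON input `JSON.parse` throws a `SyntaxError` and nothing runs, whereas the eval()-based parser returns `{user: 'executed'}` and the marker records that untrusted text was executed. That difference is the concrete content behind the draft's "unacceptable security risk" sentence: the fix is a parser that accepts exactly the grammar of RFC 4627bis and nothing more.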