[secdir] Secdir last call review of draft-ietf-cbor-edn-literals-09
Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org> Mon, 27 May 2024 14:10 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DE51C18DBB4; Mon, 27 May 2024 07:10:48 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.13.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <171681904824.4732.13257098186796399236@ietfa.amsl.com>
Message-ID-Hash: LX2HUWOJFMUD6D3ENC67B32CQWDICK43
X-Message-ID-Hash: LX2HUWOJFMUD6D3ENC67B32CQWDICK43
X-MailFrom: noreply@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: cbor@ietf.org, draft-ietf-cbor-edn-literals.all@ietf.org, last-call@ietf.org
X-Mailman-Version: 3.3.9rc4
Reply-To: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
Subject: [secdir] Secdir last call review of draft-ietf-cbor-edn-literals-09
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/mJ48Y2vyRoNSnHfXR12tsz0lo7U>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>
Date: Tue, 28 May 2024 07:47:23 -0000
X-Original-Date: Mon, 27 May 2024 07:10:48 -0700
Reviewer: Rifaat Shekh-Yusef Review result: Has Nits In CBOR, Extended Diagnostic Notation (EDN) is a diagnostic format, that is used to facilitate documentation and debugging. RFC8949, section 8, explicitly states these diagnostics are not meant to be parsed, which means that these diagnostics do not introduce any new security issues. This document describes how to add application specific extensions to EDN. The security section of this draft does not discuss the implication of this directly, but instead points to RFC8610 and RFC8949. Because, as stated above, these diagnostics are not meant to be parsed, this document implies that there are no new security implications associated with these new extensions. If this is the case, it would be nice to add a sentence or two to help the reader get to this conclusion directly, instead of just pointing the reader to the other documents.
- [secdir] Secdir last call review of draft-ietf-cb… Rifaat Shekh-Yusef via Datatracker
- [secdir] Re: [Cbor] Secdir last call review of dr… Carsten Bormann