Re: [Last-Call] Genart last call review of draft-ietf-cbor-cddl-control-05

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Carsten,

Thanks for the reply and changes, they look good to me.

On 9/17/21 8:28 AM, Carsten Bormann wrote:
Section 7 (Security considerations):
Can there be any additional security concerns if CDDL specifications can
contain ABNF or "arbitrary" features? While this document obviously can't go
into specifics, maybe it's worth calling out that one needs to pay specific
attention if these control operators are used.
Isn’t that true for any extension to any language?
I’d prefer to highlight specific security considerations when I’m aware of them.

Probably true, but I guess I prefer to state the obvious, especially when it comes to security, to be safer rather than sorry. Also I like it when a document that "builds" on another document still shows that the authors considered the implications of what they added.

That said, I won't argue with your reasoning :)


Nits/editorial comments:

Section 2.2
"concatenating the target text string ""foo"""
Is foo intended to be in two double quotes, or should there only be one pair of
quotes?
This is an artifact of the way xml2rfc handles <tt> elements.
There currently is no way to mark the document up in a way such that both plain text and html versions look good, and I opted to prefer the HTML to look good (and correct).
(RFC 8949 has a long explanation in several paragraphs of Section 1.2 how the plain text sometimes will look weird; I was hoping I wouldn’t have to repeat this here.)
There is a proposed change to xml2rfc that will change the specifics, so I would like to wait for how that plays out before making changes.


Section 3
"by defining a ".abnf" control operator"
Should this say 'an ".abnf" control operator' instead?
Actually, we say out loud “dot a b n f control operator”, so “a” corresponds to the speech pattern.

Thanks, I learned something in both of these cases.

Best,
Theresa

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux