[Last-Call] Secdir telechat review of draft-ietf-core-problem-details-05

Reviewer: Yoav Nir
Review result: Has Nits

Greetings

The document defines a CBOR-encoded problem details structure, similar to the
JSON- or XML-encoded structure defined in RFC 7807. As such, the security
considerations for it mostly mirror those of RFC 7807, and that is all that the
Security Considerations section says.  Following this reference, the Security
Considerations section of 7807 urges caution when defining new problem types
for fear of leaking sensitive information in the relevant fields of new types.

There is, however, a difference between 7807 and this document. In 7807
different problems are identified by "type". In this document, there is no
explicit type. Instead, there are basic details that are defined, plus a
registry of standard and custom extra attributes that can be defined. The
security considerations section in 7807 is phrased in terms of new types.
Security considerations text written specifically for this document would
not mention new types (which don't exist), but new detail entries.

Still, the message would be the same. When defining new detail entries, care
should be taken that they do not leak sensitive information.  Yet because of
the difference, I believe that the text should be written specifically for this
document, not just referenced from 7807.
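As an added example (not part of this review, the draft, or any IETF code), the following Python shows one way a server can honor the caution above: it copies only allow-listed fields of an internal error record into the problem-details map, encodes the map as CBOR with a minimal encoder, and provides a leak check that can run over every error path in unit tests. The integer keys (`KEY_TITLE`, `KEY_DETAIL`, `KEY_EXT_RETRY_AFTER`), the `EXPOSABLE` table and the `SERVER_ERROR` record are assumptions constructed for this example, not the draft's key assignments or registry.

```python
"""Added example: building a CBOR problem-details response that carries only
allow-listed detail entries, plus a leak check for tests.

The key numbers below are placeholders assumed for illustration; they are
NOT the key assignments of draft-ietf-core-problem-details."""
import struct

# Assumed placeholder keys: standard entries as small negative ints,
# extension ("custom extra attribute") entries as unsigned ints.
KEY_TITLE = -1
KEY_DETAIL = -2
KEY_EXT_RETRY_AFTER = 1000  # hypothetical registered extension entry


def _head(major: int, n: int) -> bytes:
    """Initial bytes of a CBOR item: 3-bit major type plus argument n (RFC 8949)."""
    mt = major << 5
    if n < 24:
        return bytes([mt | n])
    if n < 0x100:
        return bytes([mt | 24]) + struct.pack(">B", n)
    if n < 0x10000:
        return bytes([mt | 25]) + struct.pack(">H", n)
    if n < 0x100000000:
        return bytes([mt | 26]) + struct.pack(">I", n)
    return bytes([mt | 27]) + struct.pack(">Q", n)


def cbor_encode(value) -> bytes:
    """Minimal CBOR encoder for the types a problem-details map needs."""
    if isinstance(value, bool):  # bool before int: bool subclasses int
        return b"\xf5" if value else b"\xf4"
    if isinstance(value, int):
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, bytes):
        return _head(2, len(value)) + value
    if isinstance(value, str):
        data = value.encode("utf-8")
        return _head(3, len(data)) + data
    if isinstance(value, dict):
        out = _head(5, len(value))
        for k, v in value.items():
            out += cbor_encode(k) + cbor_encode(v)
        return out
    raise TypeError(f"unsupported type for CBOR encoding: {type(value).__name__}")


# Constructed server-side error record. Only some fields belong in a response.
SERVER_ERROR = {
    "title": "Resource not available",
    "detail": "The requested sensor is offline.",
    "retry_after": 30,
    "stack_trace": "Traceback: /srv/app/handlers/sensor.py, line 88",
    "db_query": "SELECT * FROM sensors WHERE owner='alice'",
    "owner": "alice",
}

# Allow-list: server-side field -> problem-details key. Fields not listed
# here are never copied into the response, whatever the record contains.
EXPOSABLE = {
    "title": KEY_TITLE,
    "detail": KEY_DETAIL,
    "retry_after": KEY_EXT_RETRY_AFTER,
}


def build_problem_details(error: dict) -> dict:
    """Map only allow-listed fields onto problem-details keys."""
    return {key: error[field] for field, key in EXPOSABLE.items() if field in error}


def encode_problem_details(error: dict) -> bytes:
    """Hardened path: allow-list first, then encode."""
    return cbor_encode(build_problem_details(error))


def encode_naively(error: dict) -> bytes:
    """The anti-pattern: dump the whole server-side record as-is."""
    return cbor_encode(error)


def leaked_fields(encoded: bytes, error: dict, exposable=EXPOSABLE) -> list:
    """Names of non-exposable string fields whose value appears in the response.

    Intended as a unit-test helper: run it over every error path's output."""
    return [
        field
        for field, value in error.items()
        if field not in exposable
        and isinstance(value, str)
        and value.encode("utf-8") in encoded
    ]


if __name__ == "__main__":
    safe = encode_problem_details(SERVER_ERROR)
    naive = encode_naively(SERVER_ERROR)
    print("hardened:", safe.hex(), "leaks:", leaked_fields(safe, SERVER_ERROR))
    print("naive:   ", naive.hex(), "leaks:", leaked_fields(naive, SERVER_ERROR))
```

The allow-list only controls which entries leave the server; the free-text title and detail strings still have to be written without secrets, which is exactly the point the review makes about new detail entries. Deciding exposure per entry, rather than trusting that anything in a registry is safe to send, keeps that decision local to the service that knows what the field contains.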

