Reviewer: Shawn Emery Review result: Has Nits This informational draft specifies an IANA registry for the previously unpublished YAML media type and structured syntax suffix. YAML is a data serialization format used for combining one or more documents into one file or network resource. The security considerations section refers to section 4.6 of RFC 6838 and possible exploits regarding arbitrary code execution from YAML tags, DoS through infinite or high recursion, and DoS through the partial processing of YAML streams. I do agree with each of the mitigations prescribed for the aforementioned exploits, but it does seem counterintuitive to me to validate all the documents in the stream before processing. Does this defeat the purpose of streaming? General Comments: The FAQ section helped me to understand why some of these design decisions were made, thank you. Editorial Comments: s/Security considerations: See Section 2.1/Security considerations: See Section 4/ s/impact on the/impact the/ s/serialize it JSON/serialize it in JSON/ s/details: this/details, which/ -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
