Hi Christian, thank you for this review. > On 2023-08-09, at 22:43, Christian Huitema via Datatracker <noreply@xxxxxxxx> wrote: > […] > I suppose that the registration phase would provide an opportunity to document > security or privacy issues associated with new target attributes, and that any > such issues would be outlined in the expert review. Hopefully. The instructions to the expert already call out security, but not specifically privacy considerations. We could also strengthen the text slightly from a set of what are now just two examples, to more explicit instructions. But then the CoRE WG is quite security-minded, and I’m also with Jim Schaad that experts are "are being designated as experts for a reason, so they should be given substantial latitude” (RFC 8152). On the registrant’s side, RFC 8126 also gives us the possibility to make security (and, analogously, I think privacy) considerations a part of the registration information, maybe preferably in the specification that is (almost) required or separately for the exceptional cases where it isn't. Since I’m just about to go on vacation, I cannot generate text right now; maybe the Security ADs can pick up this observation and guide us which direction any text changes should go. Grüße, Carsten -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
