Ben Campbell
2018-03-08 00:24:04 UTC
Ben Campbell has entered the following ballot position for
draft-ietf-core-object-security-09: Yes
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-core-object-security/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
I’m balloting “yes”, but I have a few very minor comments:
Substantive Comments:
§4.2.2, last paragraph: Why not specify that directly, rather than put a
normative requirements on new specifications?
Editorial and Nits:
§4.2.3.1, 2nd to last paragraph:
Last sentence is hard to parse.
§5, third paragraph:
I don’t think that spec claims “plaintext” means “data that is encrypted and
integrity protected”. I think it means “ the clear text input that will be
encrypted and integrity protected” (This could probably be fixed by changing
“data that is” to “data to be”.)
§8.1, last paragraph: The SHALL seems more like a statement of fact than a
requirement.
draft-ietf-core-object-security-09: Yes
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-core-object-security/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
I’m balloting “yes”, but I have a few very minor comments:
Substantive Comments:
§4.2.2, last paragraph: Why not specify that directly, rather than put a
normative requirements on new specifications?
Editorial and Nits:
§4.2.3.1, 2nd to last paragraph:
Last sentence is hard to parse.
§5, third paragraph:
I don’t think that spec claims “plaintext” means “data that is encrypted and
integrity protected”. I think it means “ the clear text input that will be
encrypted and integrity protected” (This could probably be fixed by changing
“data that is” to “data to be”.)
§8.1, last paragraph: The SHALL seems more like a statement of fact than a
requirement.