Last Call Review of draft-wilde-json-seq-suffix-00
review-wilde-json-seq-suffix-00-secdir-lc-kumari-2016-12-01-00

Request Review of draft-wilde-json-seq-suffix
Requested rev. no specific revision (document currently at 03)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-12-08
Requested 2016-11-17
Authors Erik Wilde
Draft last updated 2016-12-01
Completed reviews Genart Last Call review of -02 by Peter Yee (diff)
Secdir Last Call review of -00 by Warren Kumari (diff)
Opsdir Last Call review of -01 by Al Morton (diff)
Assignment Reviewer Warren Kumari
State Completed
Review review-wilde-json-seq-suffix-00-secdir-lc-kumari-2016-12-01
Reviewed rev. 00 (document currently at 03)
Review result Has Issues
Review completed: 2016-12-01

Review
review-wilde-json-seq-suffix-00-secdir-lc-kumari-2016-12-01

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: I do not think that it is ready (see below), but presumably there
is some backstory that I'm not aware of, or it wouldn't be here.

I don't see any *security* issues, but the document is very unclear.
It *looks* like it just tries to add "+json-seq" to the IANA Structured
Syntax Suffix Registry, but I don't see why it is Standards Track, or why
it need to be an RFC at all;  the registry is Expert Review, and RFC 6838
Section 6 seems clear.

Other issues:
It does not contain a Security Considerations section, and there are a
number of broken references (e.g: it says: "Online access to all versions
and files is available on github [2]." - but [2] is a link to:
http://www.rfc-editor.org/info/rfc6838)

It is a -00, submitted Sept 23rd 2016, and the document on which it was
based (draft-json-seq-suffix-00) was also a -00, submitted Sept 19th 2016.
The only changes between the 2 are the metadata (name, date). There has
been basically no discussion (at least, that I can find), closest is:
https://mailarchive.ietf.org/arch/search/?email_list=art&index=AxC0J7zxKU_wH1jOrkZ0ZZUUcs4
 ?

I *think* that it is simply trying to add "+json-seq" to the IANA
Structured Syntax Suffix Registry (
http://www.iana.org/assignments/media-type-structured-suffix/media-type-structured-suffix.xhtml)
-- unfortunately it does this very poorly.

It starts off by saying (note tense): "IANA has added the following
"+json-seq" structured syntax suffix to its registry of structured syntax
suffixes established by [2]".
[2] references to RFC 6838 - "Media Type Registration", which creates a
number of registries - while looking I found "
http://www.iana.org/assignments/media-types/media-types.xhtml", which does
indeed have "json-seq". Because of the "IANA has added" I assumed that this
was what was being referenced.
The IANA considerations section needs work...

Nits:
Section 1:
how a media type can signal that it is based on another media type as [O]
way of how a media type can signal [P] way for a media type to signal [R]
readability; original was a bit awkward

Section 3:
Applications encountering such a media type then can either simply
[O] then can either
[P] can then either
[R] readability

W