Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: * Have Nits Details: * Typo in 1.5.2: -2^53+1 <= value <= 2^^53-1, the safe range for integers stored in a -- you probably don't want the double-^ here. * In 1.5.4, I'm confused about the difference between "type" and "@type". They both seem to be the "type of .. resource". Perhaps the differences are explained later. But it would behoove you to explain it a bit more here for those of us first coming to the spec. Once I got to 2.2.2 (name), where both are used, I THINK I see the difference: @type is used to specify the type of the object, whereas type is used to specify the sub-type of the data in the object. Personally I find this name overloading confusing. * Section 2.2 (and others, I'm sure), I'm curious why you repeat object-types under the data sections. For example, why repeat @type: Title under the heading "titles"? You already know you're in the titles section, so it seems redundant (and non-normalized). Also, what are you supposed to do if the @type doesn't match? For example: "titles": { "le9": { "@type": "Organization", "type": "title", "name": "Research Scientist" }, * Section 2.8.1 -- I finally found a place where @type is used as an object sub-type, to declare whether a date is a PartialDate or Timestamp -- but I don't see why you need to use @type vs type here. It seems to me you should use type to declare what kind of date it is, not @type. * Section 2.8.3 -- Even here, you say @type is mandatory, but it doesn't exist in the example in Figure 34! But this goes back to my previous comment that I think @type is redundant. You already know you're dealing with notes so why add the @type:Note? Note: I did not read through the IANA Registry sections thoroughly. -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant