This document describes the results of applying several errata to the CDDL specification.

I concur with the Security Considerations section that the current document likely has zero security implications beyond what's in RFC 8610.

I am clearly in the rough, but I'll say it anyway: from an implementer's perspective, a document that repeats all of RFC 8610 with the errata implemented (and clearly marked) would have been far superior to this one. Instead, we now require an implementer to read and keep in sync RFC 8610, RFC 9165 as well as the current document. 

Quoting from RFC 8610 itself: "Writers of CDDL specifications are strongly encouraged to value clarity and transparency of the specification over its elegance. Keep it as simple as possible while still expressing the needed data model."

This reviewer is of the opinion that having to juggle three documents is neither clear nor transparent.