[secdir] Review of draft-ietf-sidr-ghostbusters-14

Shawn Emery <shawn.emery@oracle.com> Sun, 16 October 2011 06:34 UTC

Return-Path: <shawn.emery@oracle.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A78811E8085; Sat, 15 Oct 2011 23:34:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7uolJ72UvpKB; Sat, 15 Oct 2011 23:34:35 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by ietfa.amsl.com (Postfix) with ESMTP id 0615411E8082; Sat, 15 Oct 2011 23:34:34 -0700 (PDT)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by acsinet15.oracle.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id p9G6YWmi006933 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 16 Oct 2011 06:34:34 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id p9G6YUAv017255 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 16 Oct 2011 06:34:32 GMT
Received: from abhmt112.oracle.com (abhmt112.oracle.com [141.146.116.64]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id p9G6YOZr015245; Sun, 16 Oct 2011 01:34:25 -0500
Received: from [10.159.208.113] (/10.159.208.113) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sat, 15 Oct 2011 23:34:24 -0700
Message-ID: <4E9A7AC9.1000803@oracle.com>
Date: Sun, 16 Oct 2011 00:33:45 -0600
From: Shawn Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:6.0.2) Gecko/20110923 Thunderbird/6.0.2
MIME-Version: 1.0
To: secdir@ietf.org
References: <4E1EA3BF.1060604@oracle.com>
In-Reply-To: <4E1EA3BF.1060604@oracle.com>
X-Forwarded-Message-Id: <4E1EA3BF.1060604@oracle.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090203.4E9A7AFA.0088:SCFMA922111,ss=1,re=-4.000,fgs=0
Cc: draft-ietf-sidr-ghostbusters.all@toosl.ietf.org, iesg@ietf.org
Subject: [secdir] Review of draft-ietf-sidr-ghostbusters-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Oct 2011 06:34:35 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments.

This standards track draft describes a new record that allows a Resource 
Public Key Infrastructure (RPKI) user the ability to look up a point of 
contact for notification of current or eventual issues (e.g. certificate 
expiration along a path to the trust anchor).

The security considerations section does exist and states that there is 
no OTW protocol implication.  It goes on to state that Ghostbuster 
Records could provide information for telemarketers and spammers.  
However, this is no different from what already exists in whois data, 
for example.

General comments:

I love the name of this draft, quite fitting ;)

Thank you for the background reading section, lots of reading but very 
helpful.

Editorial comments:

s/who responsible a the CA/who is responsible for the CA/
s/a NOC, ..../NOC, etc./

Shawn.
--