[secdir] secdir review of draft-ietf-sidr-rfc6485bis

Sean Turner <sean@sn3rd.com> Thu, 22 October 2015 15:57 UTC

From: Sean Turner <sean@sn3rd.com>
Message-Id: <70786949-BB2E-4429-A436-EB7940EEE594@sn3rd.com>
Date: Thu, 22 Oct 2015 11:57:45 -0400
To: secdir@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-sidr-rfc6485bis.all@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/jU8NQhcFRy6vGio5hjS1x71Ebik>

Fear not as this is just the secdir review!

I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG.  These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review.  Document editors and WG chairs should treat these comments just like any other last call comments.

draft summary: This bis document specifies crypto/CMS-related “stuff” for RPKI subscribers and relying parties: signature and hash algorithm parameters, public key formats, etc.  It doesn’t define new algorithms; it just says use these values from these other RFCs in this field or that field.  The authors made it really easy for reviewers in that they included a list of all of the changes since RFC6485 in s8; thanks for that.  There are a few DOWNREFs in the draft, but they are all referenced in the IETF LC and I have no problem with the new one; two were already in the DOWNREF registry.

secdir summary: We are go for launch! (i.e., ready)

nit: There’s a stray “/>” in s6, but the RFC editor can fix that up.

spt