Last Call Review of draft-ietf-opsawg-9092-update-09
review-ietf-opsawg-9092-update-09-secdir-lc-hollebeek-2024-01-26-00

Request Review of draft-ietf-opsawg-9092-update
Requested revision No specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2023-11-06
Requested 2023-10-23
Requested by Joe Clarke
Authors Randy Bush, Massimo Candela, Warren "Ace" Kumari, Russ Housley
I-D last updated 2024-01-26
Completed reviews Genart Last Call review of -09 by Christer Holmberg
Intdir Last Call review of -06 by Sheng Jiang
Opsdir Last Call review of -06 by Bo Wu
Secdir Last Call review of -09 by Tim Hollebeek
Artart Last Call review of -09 by Spencer Dawkins
Assignment Reviewer Tim Hollebeek
State Completed
Request Last Call review on draft-ietf-opsawg-9092-update by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/SsO_q2K_NaQaNwb6oBuuk6KkGhk
Reviewed revision 09 (document currently at 11)
Result Has nits
Completed 2024-01-26
The document is extremely well written ... I didn't find too much to comment
on, despite looking pretty closely at the key management and signing aspects.

I just have two nits:

(1) The following paragraph appears twice in the document (looks like just a
copy/paste error when moving stuff around):

"Identifying the private key associated with the certificate and
   getting the department that controls the private key (which might be
   stored in a Hardware Security Module (HSM)) to generate the CMS
   signature is left as an exercise for the implementor.  On the other
   hand, verifying the signature has no similar complexity; the
   certificate, which is validated in the public RPKI, contains the
   needed public key."

(2) Section 6, paragraph 5: is this intended to be an RFC 2119 "MAY"?  If so,
capitalize.  If not, avoid the word.