Last Call Review of draft-ietf-sidr-bgpsec-pki-profiles-19
review-ietf-sidr-bgpsec-pki-profiles-19-secdir-lc-sheffer-2017-01-01-00
Request | Review of | draft-ietf-sidr-bgpsec-pki-profiles |
---|---|---|
Requested revision | No specific revision (document currently at 21) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2016-12-19 | |
Requested | 2016-12-05 | |
Authors | Mark Reynolds , Sean Turner , Stephen Kent | |
I-D last updated | 2017-01-01 | |
Completed reviews |
Genart Last Call review of -18
by Dale R. Worley
(diff)
Secdir Last Call review of -19 by Yaron Sheffer (diff) Opsdir Last Call review of -21 by Will (Shucheng) LIU Genart Telechat review of -19 by Dale R. Worley (diff) |
|
Assignment | Reviewer | Yaron Sheffer |
State | Completed | |
Request | Last Call review on draft-ietf-sidr-bgpsec-pki-profiles by Security Area Directorate Assigned | |
Reviewed revision | 19 (document currently at 21) | |
Result | Has nits | |
Completed | 2017-01-01 |
review-ietf-sidr-bgpsec-pki-profiles-19-secdir-lc-sheffer-2017-01-01-00
* 3.1.1: The serial number in RFC 6487 is still a real, unique serial number that uniquely identifies the certificate. Here it is used as something other than a serial number, which is explicitly NOT unique, and the CA is left to decide how to make it unique in the face of potentially repeating BGP IDs. If this is not a real issue (e.g. because duplicate IDs are rare and never within a RIR), please say so. * 3.2: earlier we said that Basic Constraints must not be included in the EE cert. Now we are saying that only a particular boolean flag must not be honored when processing the Cert Request. What happens if Basic Constraints is included in the Cert Request but with other flags? * 3.3: ID.sidr-rfc6485bis -> RFC 7935 * 6: in the paragraph that discusses hash functions, please spell out the names of the two key identifiers, because I cannot determine what they are from the document.