Last Call Review of draft-ietf-sidr-repos-struct-
review-ietf-sidr-repos-struct-secdir-lc-salowey-2011-05-19-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

In general the draft looks useful, but I think there are a few things that need
to be addressed before publication.

1.   The document asks for a registration for the extension  .roa for Route
Origination Authorization, but the discussion of this type is absent from the
rest of the document. 2.   In section 2.2 under certificates it would probably
be good to specify the encoding of the certificate since there are different
encodings in use (DER, Base64,etc). 3.   The document is not very specific on
what signed objects may consist of.   The security considerations section
points out that the repository itself does not provide integrity protection. 
The security considerations section should probably also mention that
confidentiality is also not provided by the repository or by the signed objects
(unless there is some mechanism used to ensure the confidentiality of the data
which would need to be specified)  and that data that requires controlled
access should not be included in signed objects in the repository.

Thanks,

Joe