Last Call Review of draft-ietf-sidr-rfc6485bis-04
review-ietf-sidr-rfc6485bis-04-secdir-lc-turner-2015-10-29-00

Request
  Review of: draft-ietf-sidr-rfc6485bis
  Requested revision: No specific revision (document currently at 05)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2015-11-02
  Requested: 2015-10-22
  Authors: Geoff Huston, George G. Michaelson
  I-D last updated: 2015-10-29
  Completed reviews:
    Genart Last Call review of -04 by Roni Even (diff)
    Genart Last Call review of -05 by Roni Even
    Secdir Last Call review of -04 by Sean Turner (diff)

Assignment
  Reviewer: Sean Turner
  State: Completed
  Request: Last Call review on draft-ietf-sidr-rfc6485bis by Security Area Directorate Assigned
  Reviewed revision: 04 (document currently at 05)
  Result: Has nits
  Completed: 2015-10-29

Fear not as this is just the secdir review!

I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving security requirements and
considerations in IETF drafts. Comments not addressed in last call may be
included in AD reviews during the IESG review.  Document editors and WG chairs
should treat these comments just like any other last call comments.

draft summary: This bis document specifies crypto/CMS-related “stuff” for RPKI
subscribers and relying parties: signature and hash algorithm parameters,
public key formats, etc.  It doesn’t define new algorithms; it just says use
these values from these other RFCs in this field or that field.  The authors
made it really easy for reviewers in that they included a list of all of the
changes since RFC6485 in s8; thanks for that.  There are a few DOWNREFs in the
draft, but they are all referenced in the IETF LC and I have no problem with
the new one; two were already in the DOWNREF registry.

secdir summary: We are go for launch! (i.e., ready)

nit: There’s a stray “/>” in s6, but the RFC editor can fix that up.

spt