Last Call Review of draft-ietf-sidr-rpki-algs-
review-ietf-sidr-rpki-algs-secdir-lc-weis-2011-04-06-00

Request
  Review of: draft-ietf-sidr-rpki-algs
  Requested revision: No specific revision (document currently at 05)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2011-03-24
  Requested: 2011-03-11
  Authors: Geoff Huston
  I-D last updated: 2011-04-06
  Completed reviews: Secdir Last Call review of -?? by Brian Weis
Assignment
  Reviewer: Brian Weis
  State: Completed
  Request: Last Call review on draft-ietf-sidr-rpki-algs by Security Area Directorate Assigned
  Completed: 2011-04-06
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This document describes the algorithm suite used as part of the RPKI. The suite
specifies a single signature algorithm (RSA) with a single key size, a single
hashing algorithm (SHA-256), a single signature format, and formats for
describing the public key. Section 5 indicates that this profile will be
updated when the RPKI needs to adapt different choices. I was glad to see such
an algorithm agility plan, but this implies that this will in fact never have a
peer document describing another profile. In such a case I would expect the
document title to be more inclusive (e.g., drop the first three words of the
title). Alternatively, it might be helpful to describe in Section 5 under what
circumstance another profile would be published instead of updating this one.

The Security Considerations document refers the reader to the security
considerations described in several other documents. After reading those
sections, I agree this is appropriate.

Brian

--
Brian Weis
Security Standards and Technology, SRTG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew at cisco.com