Skip to main content

Last Call Review of draft-ietf-sidr-slurm-06

Request Review of draft-ietf-sidr-slurm
Requested revision No specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-02-21
Requested 2018-02-07
Authors Di Ma , David Mandelberg , Tim Bruijnzeels
I-D last updated 2018-02-20
Completed reviews Rtgdir Telechat review of -06 by IJsbrand Wijnands (diff)
Genart Last Call review of -06 by Francis Dupont (diff)
Secdir Last Call review of -06 by Daniel Migault (diff)
Assignment Reviewer Daniel Migault
State Completed
Review review-ietf-sidr-slurm-06-secdir-lc-migault-2018-02-20
Reviewed revision 06 (document currently at 08)
Result Has Nits
Completed 2018-02-20

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The summary of the review is Ready with nits:

•	section 1: Introduction

   However, an RPKI relying party may want to override some of the
   information expressed via putative TAs and the certificates

<mglt>It seems that TA is being used for the first time here. The acronym
should be extended to ease the reading of the document. I am reading it 
as Trust Anchor.</mglt>

•	section 2.  RPKI RPs with SLURM

   SLURM provides a simple way to enable RPs to establish a local,

<mglt>It seems to me the acronym RP is used for the first time. It seems that 
it should be expanded to ease the reading of the document. I am reading it 
as Relaying Party.</mglt>

•	section 6 Security considerations

<mglt>I My reading is that the section catches the criticality of the SLURM 
files and that network operators are already familiar provisioning critical 
data. As such I believe the section is sufficiently clear.</mglt>

•	whole document:

<mglt>It seems that BGPSec, and BGPsec are used together. I believe this 
should be harmonized to BGPsec.</mglt>