Last Call Review of draft-ietf-sidrops-rpki-has-no-identity-04
review-ietf-sidrops-rpki-has-no-identity-04-secdir-lc-rose-2022-03-15-00

Request
  Review of: draft-ietf-sidrops-rpki-has-no-identity
  Requested revision: No specific revision (document currently at 07)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2022-03-18
  Requested: 2022-03-04
  Authors: Randy Bush, Russ Housley
  I-D last updated: 2022-03-15
  Completed reviews:
    Artart Last Call review of -04 by Tim Bray (diff)
    Rtgdir Telechat review of -05 by Martin Vigoureux (diff)
    Secdir Last Call review of -04 by Kyle Rose (diff)
    Genart Last Call review of -04 by Matt Joras (diff)
    Artart Telechat review of -05 by Tim Bray (diff)

Assignment
  Reviewer: Kyle Rose
  State: Completed
  Request: Last Call review on draft-ietf-sidrops-rpki-has-no-identity by Security Area Directorate (Assigned)
  Posted at: https://mailarchive.ietf.org/arch/msg/secdir/epeX5mkGXu-K6sQgqw2_piGd3LM
  Reviewed revision: 04 (document currently at 07)
  Result: Ready
  Completed: 2022-03-15

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This document is Almost Ready, but its publication as an RFC may or may not be
the right way to address the problem it is targeted at.

Can one of the authors cite a specific reference to the problem that this draft
is trying to address? A written example of where this "false notion" exists?

If the sole purpose of this document is to state a normative prohibition on one
aspect of RPKI as described in the informational RFC 6480, would a better
approach not be to normatively specify RPKI via a 6480bis on standards track?
It feels weird to create a single normative prohibition for a specification
that is otherwise classified as informational, but perhaps there is sufficient
precedent for this.

My one nit suggestion would be to make some of the language a little less
casual, starting with the abstract.