Early Review of draft-ietf-sidrops-rrdp-same-origin-02
review-ietf-sidrops-rrdp-same-origin-02-secdir-early-harkins-2024-08-09-00
Request | Review of | draft-ietf-sidrops-rrdp-same-origin-02 |
---|---|---|
Requested revision | 02 (document currently at 04) | |
Type | Early Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2024-08-31 | |
Requested | 2024-07-27 | |
Requested by | Keyur Patel | |
Authors | Job Snijders | |
I-D last updated | 2024-08-09 | |
Completed reviews |
Opsdir Early review of -02
by Niclas Comstedt
(diff)
Genart Early review of -02 by Meral Shirazipour (diff) Secdir Early review of -02 by Dan Harkins (diff) |
|
Comments |
Please Review and provide comments. |
|
Assignment | Reviewer | Dan Harkins |
State | Completed | |
Request | Early review on draft-ietf-sidrops-rrdp-same-origin by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/GbfK73R7SA9GR7uJpgF68TvLvFc | |
Reviewed revision | 02 (document currently at 04) | |
Result | Ready | |
Completed | 2024-08-09 |
review-ietf-sidrops-rrdp-same-origin-02-secdir-early-harkins-2024-08-09-00
Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft addresses an apparent mistake in RFC 8182 by specifying a "same origin policy" for RPKI Repository Delta protocol. This prevents cross-origin references in RRDP that could result in attacks. It is concise and well-written. The Security Considerations are fine. It was good to see the inclusion of Deployability considerations (section 4). The summary of the review is Ready. regards, Dan. -- "The object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." -- Marcus Aurelius