Early Review of draft-ietf-sidrops-rrdp-same-origin-02
review-ietf-sidrops-rrdp-same-origin-02-secdir-early-harkins-2024-08-09-00

Request
Review of: draft-ietf-sidrops-rrdp-same-origin-02
Requested revision: 02 (document currently at 04)
Type: Early Review
Team: Security Area Directorate (secdir)
Deadline: 2024-08-31
Requested: 2024-07-27
Requested by: Keyur Patel
Authors: Job Snijders
I-D last updated: 2024-08-09
Completed reviews:
  Opsdir Early review of -02 by Niclas Comstedt
  Genart Early review of -02 by Meral Shirazipour
  Secdir Early review of -02 by Dan Harkins
Comments: Please Review and provide comments.

Assignment
Reviewer: Dan Harkins
State: Completed
Request: Early review on draft-ietf-sidrops-rrdp-same-origin by Security Area Directorate (Assigned)
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/GbfK73R7SA9GR7uJpgF68TvLvFc
Reviewed revision: 02 (document currently at 04)
Result: Ready
Completed: 2024-08-09

   Hello,


   I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

   This draft addresses an apparent mistake in RFC 8182 by specifying
a "same origin policy" for the RPKI Repository Delta Protocol. This
prevents cross-origin references in RRDP that could result in attacks.
It is concise and well-written. The Security Considerations are fine.
It was good to see the inclusion of Deployability considerations
(section 4).

   The summary of the review is Ready.

   regards,

   Dan.

-- 
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius