[CGA-EXT] [draft-ietf-csi-send-cert-01] Review

Jean-Michel Combes <jeanmichel.combes@gmail.com> Tue, 08 December 2009 16:43 UTC


Hi,

here are some comments/questions regarding the draft:

o Section 4, p7
Typo:
s/(i.e. and end user could deploy SEND without the need of RPKI
deployment in its ISP)/(i.e. an end user could deploy SEND without the
need of RPKI deployment in its ISP)

"This model MAY include ULA addresses."
I would add a reference to the RFC 4193.

o Section 5.1, p8
IMHO, it should be clearer:
s/"This certificate will be obtained from the publication point of
certificate defined as trust anchor."/"This certificate will be
obtained from the publication point of the trust anchor certificate."
BTW, as you used the "EE" term at the beginning of the section, why not
use the rest of the terminology specified in [draft-ietf-sidr-ta-02]
(i.e. ETA, RTA)?

"The identification for the Trust Anchor Material will be included in
the Name Type Field of the ICMP Trust Anchor Option as decribed in RFC
3971 and MUST always to refer to a certificate that includes as RFC
3779 address extension."
s/as decribed in RFC 3971/as described in RFC 3971
What do you mean by "MUST always to refer to a certificate that
includes as RFC 3779 address extension."?
Because, as far as I understood the RPKI structure
[draft-ietf-sidr-ta-02], normally, the device validating the router's
EE cert has only an ETA cert which doesn't contain a RFC 3779 Address
Extension (this last one refers to a RTA which contains a RFC 3779
Address Extension). Am I correct?

Thanks in advance for your reply.

Best regards.

JMC.
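An added example, written for this archive page and not part of the reviewer's message or the draft, of the check the last question turns on: RFC 3779 address-block containment along a router's certification path, followed by the SEND-side test that the prefixes a router advertises sit inside its EE certificate's blocks. The chain, the prefixes, and the decision to reject a path whose issuer carries no address extension are constructed assumptions, not something the draft settles.

```python
# Added example (not from the draft or the reviewer): the RFC 3779
# containment rule a SEND host applies to a router's certification path
# (trust anchor -> ... -> router EE cert), then the prefix check on RAs.
from dataclasses import dataclass
from ipaddress import ip_network

INHERIT = "inherit"  # RFC 3779 lets a cert inherit its issuer's blocks


@dataclass
class Cert:
    # Stand-in for an X.509 cert; only the RFC 3779 IP address extension
    # matters: a list of prefixes, INHERIT, or None when it is absent.
    name: str
    ip_blocks: object = None


def resolve_blocks(chain):
    """Walk trust-anchor-first and return the blocks the last (EE) cert is
    authorised for. Raises ValueError when a subordinate's blocks are not
    encompassed by its issuer's, or when an issuer has no blocks at all
    (assumption: this example rejects such a path)."""
    current = None  # blocks vouched for by the issuer seen so far
    for cert in chain:
        if cert.ip_blocks == INHERIT:
            if current is None:
                raise ValueError(f"{cert.name}: nothing to inherit")
            continue
        if cert.ip_blocks is None:
            raise ValueError(f"{cert.name}: no RFC 3779 address extension")
        blocks = [ip_network(b) for b in cert.ip_blocks]
        for b in blocks:
            if current is not None and not any(
                    b.version == p.version and b.subnet_of(p) for p in current):
                raise ValueError(f"{cert.name}: {b} not within issuer's blocks")
        current = blocks
    return current


def router_may_advertise(chain, prefixes):
    """True iff the path validates and every advertised prefix is covered."""
    try:
        allowed = resolve_blocks(chain) or []
    except ValueError:
        return False
    nets = [ip_network(p) for p in prefixes]
    return all(any(n.version == a.version and n.subnet_of(a) for a in allowed)
               for n in nets)


# Constructed path: ISP trust anchor, a delegating CA, and an access router.
GOOD_CHAIN = [Cert("trust-anchor", ["2001:db8::/32"]),
              Cert("delegating-ca", ["2001:db8:1000::/36"]),
              Cert("router-ee", ["2001:db8:1234::/48"])]
```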