[eppext] Stephen Farrell's Discuss on draft-ietf-eppext-tmch-smd-04: (with DISCUSS and COMMENT)

["Stephen Farrell" <stephen.farrell@cs.tcd.ie>]

Stephen Farrell has entered the following ballot position for
draft-ietf-eppext-tmch-smd-04: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-eppext-tmch-smd/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


Section 7 points to [ICANN-TMCH] for signature validation policy
(I think, not quite sure). I did a quick scan (so I might have
missed it) of that document and did not find any mention of
security or signature validation, so what is an implementer
supposed to do, over and above just checking the cryptographic
correctness of the XMLDSIG? Note1: I'm not asking that all of
the details of how to construct a PKI for this functionality be
documented here, somewhere else is fine, but it doesn't seem to
be in [ICANN-TMCH] that I can see, so I don't know what I'd have
to implement, that'd get interop. Note2: I'm also not asking for
a US-DoD-scale super-huge PKI or RPKI to be specified here,
something simpler should work.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


- Please see the secdir review [1] which raises a number of
significant points (including the DISCUSS above) and which
hasn't as far as I've seen gotten a response (apologies if I
missed that).

   [1]
https://www.ietf.org/mail-archive/web/secdir/current/msg06248.html

- "precudle" nice:-)