[Gen-art] Gen-ART Review of draft-ietf-sidr-arch-11
<david.black@emc.com> Fri, 25 February 2011 02:47 UTC
Return-Path: <david.black@emc.com>
X-Original-To: gen-art@core3.amsl.com
Delivered-To: gen-art@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7F5713A68FD; Thu, 24 Feb 2011 18:47:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.524
X-Spam-Level:
X-Spam-Status: No, score=-106.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yzz1+zPEj6Yy; Thu, 24 Feb 2011 18:47:24 -0800 (PST)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by core3.amsl.com (Postfix) with ESMTP id 239B83A68F9; Thu, 24 Feb 2011 18:47:23 -0800 (PST)
Received: from hop04-l1d11-si03.isus.emc.com (HOP04-L1D11-SI03.isus.emc.com [10.254.111.23]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p1P2mBng020021 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 24 Feb 2011 21:48:11 -0500
Received: from mailhub.lss.emc.com (mailhub.lss.emc.com [10.254.221.253]) by hop04-l1d11-si03.isus.emc.com (RSA Interceptor); Thu, 24 Feb 2011 21:48:00 -0500
Received: from mxhub10.corp.emc.com (mxhub10.corp.emc.com [10.254.92.105]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p1P2lo3G026272; Thu, 24 Feb 2011 21:47:50 -0500
Received: from mx14a.corp.emc.com ([169.254.1.143]) by mxhub10.corp.emc.com ([10.254.92.105]) with mapi; Thu, 24 Feb 2011 21:47:49 -0500
From: david.black@emc.com
To: mlepinski@bbn.com, kent@bbn.com, gen-art@ietf.org
Date: Thu, 24 Feb 2011 21:47:49 -0500
Thread-Topic: Gen-ART Review of draft-ietf-sidr-arch-11
Thread-Index: AcvUlmOMrLqZQAjwSPmfrbjAxjZC8A==
Message-ID: <7C4DFCE962635144B8FAE8CA11D0BF1E03E5B1BE9C@MX14A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EMM-MHVC: 1
Cc: stbryant@cisco.com, Sandra.Murphy@sparta.com, sidr@ietf.org
Subject: [Gen-art] Gen-ART Review of draft-ietf-sidr-arch-11
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Feb 2011 02:47:25 -0000
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
Please resolve these comments along with any other Last Call comments you may receive.
Document: draft-ietf-sidr-arch-11
Reviewer: David L. Black
Review Date: February 24, 2011
IETF LC End Date: February 21, 2011
Summary:
This draft is basically ready for publication, but has nits that should be fixed before publication.
First of all, I apologize for the tardiness of this review; I got sick over the past weekend and unable to complete the review at that time.
This draft is very well-written - it explains the PKI concepts well and has good organization and flow. Overall, this is a nice piece of work, and an example of what an architecture document should be - a technical overview that leaves the details to other documents.
I found a number of minor items that are mostly editorial:
(1) Section 4.2 variously describes the repository system as including databases, file systems and possibly web servers as URIs are apparently required. I suggest that the term "directory structured" be used instead of discussing a directory in a file system. I suggest that the required update behavior of the database be described (e.g., how much of full ACID transaction support is required for what sorts or scopes of transactions). It appears that URIs are a required form of addressing (e.g., as the SIA certificate extension contains a URI), and I would suggest discussing the resulting URI requirements on the access protocols in Section 4.3 (e.g., relationship of the URI structure to the RSYNC directory structure).
(2) In section 4.3, beyond bulk download of the entire repository contents, is there also a requirement for bulk download of a directory's contents, or bulk download of the entire tree structure rooted at a directory?
(3) The last paragraph of Section 5 states that the repository system is untrusted. That statement should be repeated in
Section 4's material on repositories.
(4) The draft selectively uses RFC 2119 upper case terms and their lower case counterparts. That usage should be carefully double-checked to ensure that the stronger upper case terms are used where needed - here are a couple of examples where upper case may be more appropriate than lower case:
- Top of p. 16: "An authority is required to issue a new manifest ..." (required -> REQUIRED ?)
- Start of section 7.2: " Whenever a certification authority ..., it must perform a key rollover procedure."
(must -> MUST ?)
(5) Item 1 in Section 6 on Local Cache Maintenance says:
1. Query the registry system to obtain a copy of all certificates,
manifests and CRLs issued under the PKI.
Was "repository" intended instead of "registry"? Item 3 is related and uses the term "repository".
(6) idnits 2.12.07 earned its keep by finding a bunch of nits:
** There are 2 instances of too long lines in the document, the longest one
being 18 characters in excess of 72.
== The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
does not include the phrase in its RFC 2119 key words list.
== Missing Reference: 'RFC3 779' is mentioned on line 166, but not defined
== Missing Reference: 'RFC 5871' is mentioned on line 647, but not defined
== Unused Reference: 'SIDR-ALG' is defined on line 1040, but no explicit
reference was found in the text
== Unused Reference: 'PROVISION' is defined on line 1058, but no explicit
reference was found in the text
== Unused Reference: 'RFC 5781' is defined on line 1062, but no explicit
reference was found in the text
-- No information found for draft-ietf-sidr-rpki-signed-object - is the
name correct?
-- No information found for draft-ietf-sidr-rescert-provisioning - is the
name correct?
Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
david.black@emc.com Mobile: +1 (978) 394-7754
----------------------------------------------------