Re: Review of draft-ietf-sidr-adverse-actions-03
Steve KENT <steve.kent@raytheon.com> Mon, 09 January 2017 17:39 UTC
Return-Path: <prvs=0182586c3a=steve.kent@raytheon.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD7E4129443; Mon, 9 Jan 2017 09:39:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.099
X-Spam-Level:
X-Spam-Status: No, score=-5.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F_mBO7N9gpFQ; Mon, 9 Jan 2017 09:39:13 -0800 (PST)
Received: from dfw-mailout20.raytheon.com (dfw-mailout20.raytheon.com [199.46.199.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6F12129499; Mon, 9 Jan 2017 09:39:12 -0800 (PST)
Received: from ca-mailout10.rtnmail.ray.com (ca-mailout10.rtnmail.ray.com [147.25.146.12]) by dfw-mailout20.ext.ray.com (8.15.0.59/8.15.0.59) with ESMTPS id v09Hd6VE001004 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 9 Jan 2017 17:39:07 GMT
Received: from 008-smtp-out.ray.com ([23.103.8.215]) by ca-mailout10.rtnmail.ray.com (8.15.0.59/8.15.0.59) with ESMTPS id v09Hd5dP008756 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT); Mon, 9 Jan 2017 17:39:05 GMT
Received: from CY1PR0601MB023.008f.mgd2.msft.net (23.103.8.215) by CY1PR0601MB023.008f.mgd2.msft.net (23.103.8.215) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.789.16; Mon, 9 Jan 2017 17:39:04 +0000
Received: from CY1PR0601MB023.008f.mgd2.msft.net ([23.103.8.215]) by CY1PR0601MB023.008f.mgd2.msft.net ([23.103.8.215]) with mapi id 15.01.0789.014; Mon, 9 Jan 2017 17:39:04 +0000
From: Steve KENT <steve.kent@raytheon.com>
To: Dan Romascanu <dromasca@gmail.com>, "gen-art@ietf.org" <gen-art@ietf.org>
Subject: Re: Review of draft-ietf-sidr-adverse-actions-03
Thread-Topic: Review of draft-ietf-sidr-adverse-actions-03
Thread-Index: AQHSamYTsL7I4vqN5Eu1AlAG3mZhn6EwZ9Qm
Date: Mon, 09 Jan 2017 17:39:04 +0000
Message-ID: <e24e2f8f5378421c8b4fc911efa11a6e@CY1PR0601MB023.008f.mgd2.msft.net>
References: <148395897584.24935.4865204550913882433.idtracker@ietfa.amsl.com>
In-Reply-To: <148395897584.24935.4865204550913882433.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [23.103.8.197]
Content-Type: multipart/alternative; boundary="_000_e24e2f8f5378421c8b4fc911efa11a6eCY1PR0601MB023008fmgd2m_"
MIME-Version: 1.0
X-CC: dromasca@gmail.com, gen-art@ietf.org, sidr@ietf.org, ietf@ietf.org, draft-ietf-sidr-adverse-actions.all@ietf.org
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-01-09_11:, , signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-01-09_11:, , signatures=0
X-Original-Sender: steve.kent@raytheon.com
X-Original-Recipients: draft-ietf-sidr-adverse-actions.all@ietf.org, ietf@ietf.org, sidr@ietf.org, gen-art@ietf.org, dromasca@gmail.com
X-Attachments:
X-DMZ-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1701090248
X-DMZ-Spam-Reason: mlx
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/fJ2i2pgtgrUdXjpMzAeQIaABeXI>
Cc: "draft-ietf-sidr-adverse-actions.all@ietf.org" <draft-ietf-sidr-adverse-actions.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jan 2017 17:39:14 -0000
Dan, Thanks for the review. Adverse actions include cases where the CA or repository manager is not attacked or did not make an error, as noted in the Introduction: Note that the CA that allocated the affected INRs may be acting in accordance with established policy, and thus the change may be contractually justified, even though viewed as adverse by the INR holder. Thus I believe the title is appropriate. We chose to labels actions with an "A" to distinguish them and to allow numbering of actions to begin at "1". If we label actions by subsection, the labels will become longer, which we felt was awkward. ________________________________ From: Dan Romascanu <dromasca@gmail.com> Sent: Monday, January 9, 2017 5:49:35 AM To: gen-art@ietf.org Cc: sidr@ietf.org; ietf@ietf.org; draft-ietf-sidr-adverse-actions.all@ietf.org Subject: Review of draft-ietf-sidr-adverse-actions-03 Reviewer: Dan Romascanu Review result: Ready with Nits I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. Document: draft-ietf-sidr-adverse-actions-03 Reviewer: Dan Romascanu Review Date: 2017-01-09 IETF LC End Date: 2017-01-10 IESG Telechat date: 2017-01-19 Summary: Major issues: Minor issues: Nits/editorial comments: 1. The title is slightly misleading, it can be interpreted that the document deals with cases where the CA or Resource Manager initiate the attacks. In reality the document deals with attacks made possible by the fact that the CA or Resource Managers are themselves under attack, or some management mistakes were made at the CA or Resource Manager. I would suggest a change in the title of the document: s/Adverse Actions by a Certification Authority (CA) or Repository Manager/Adverse Actions by means of a Certification Authority (CA) or Repository Manager/ 2. It is not clear why the numbering of the actions in the subsections of section 2 (2.1, 2,2, etc.) are prefixed by A, rather than continuing the indentation under 2.1, 2.2, etc. In other words - why A-1.1 and not 2.1.1, A-1.1.1 and not 2.1.1.1, etc.
- Review of draft-ietf-sidr-adverse-actions-03 Dan Romascanu
- Re: Review of draft-ietf-sidr-adverse-actions-03 Steve KENT
- Re: Review of draft-ietf-sidr-adverse-actions-03 Jari Arkko