Re: Review of draft-ietf-sidr-adverse-actions-03

Steve KENT <> Mon, 09 January 2017 17:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AD7E4129443; Mon, 9 Jan 2017 09:39:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.099
X-Spam-Status: No, score=-5.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id F_mBO7N9gpFQ; Mon, 9 Jan 2017 09:39:13 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A6F12129499; Mon, 9 Jan 2017 09:39:12 -0800 (PST)
Received: from ( []) by ( with ESMTPS id v09Hd6VE001004 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 9 Jan 2017 17:39:07 GMT
Received: from ([]) by ( with ESMTPS id v09Hd5dP008756 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT); Mon, 9 Jan 2017 17:39:05 GMT
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.789.16; Mon, 9 Jan 2017 17:39:04 +0000
Received: from ([]) by ([]) with mapi id 15.01.0789.014; Mon, 9 Jan 2017 17:39:04 +0000
From: Steve KENT <>
To: Dan Romascanu <>, "" <>
Subject: Re: Review of draft-ietf-sidr-adverse-actions-03
Thread-Topic: Review of draft-ietf-sidr-adverse-actions-03
Thread-Index: AQHSamYTsL7I4vqN5Eu1AlAG3mZhn6EwZ9Qm
Date: Mon, 09 Jan 2017 17:39:04 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_e24e2f8f5378421c8b4fc911efa11a6eCY1PR0601MB023008fmgd2m_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-01-09_11:, , signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-01-09_11:, , signatures=0
X-DMZ-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1701090248
X-DMZ-Spam-Reason: mlx
Archived-At: <>
Cc: "" <>, "" <>, "" <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 09 Jan 2017 17:39:14 -0000


Thanks for the review.

Adverse actions include cases where the CA or repository manager is not attacked or did not make an error, as noted in the Introduction:

Note that the CA that allocated the affected INRs may be acting in accordance with established policy, and thus the change may be contractually justified, even though viewed as adverse by the INR holder.
Thus I believe the title is appropriate.

We chose to labels actions with an "A" to distinguish them and to allow numbering of actions to begin at "1". If we label actions by subsection, the labels will become longer, which we felt was awkward.

From: Dan Romascanu <>
Sent: Monday, January 9, 2017 5:49:35 AM
Subject: Review of draft-ietf-sidr-adverse-actions-03

Reviewer: Dan Romascanu
Review result: Ready with Nits

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-sidr-adverse-actions-03
Reviewer: Dan Romascanu
Review Date: 2017-01-09
IETF LC End Date: 2017-01-10
IESG Telechat date: 2017-01-19


Major issues:

Minor issues:

Nits/editorial comments:

1. The title is slightly misleading, it can be interpreted that the
document deals with cases where the CA or Resource Manager initiate
the attacks. In reality the document deals with attacks made possible
by the fact that the CA or Resource Managers are themselves under
attack, or some management mistakes were made at the CA or Resource
Manager. I would suggest a change in the title of the document:

s/Adverse Actions by a Certification Authority (CA) or Repository
Manager/Adverse Actions by means of a Certification Authority (CA) or
Repository Manager/

2. It is not clear why the numbering of the actions in the subsections
of section 2 (2.1, 2,2, etc.) are prefixed by A, rather than
continuing the indentation under 2.1, 2.2, etc. In other words - why
A-1.1 and not 2.1.1, A-1.1.1 and not, etc.