[secdir] Review of draft-draft-ietf-sidr-rpki-rtr-rfc6810-bis-08

"Matt Miller (mamille2)" <mamille2@cisco.com> Thu, 16 February 2017 01:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/1VF0uNbvbTiybClVfNHaH5NV3DY>
Cc: "draft-ietf-sidr-rpki-rtr-rfc6810-bis.all@ietf.org" <draft-ietf-sidr-rpki-rtr-rfc6810-bis.all@ietf.org>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Document: draft-ietf-sidr-rpki-rtr-rfc6810-bis-08
Reviewer: Matthew A. Miller
Review Date: 2017-02-14
IETF LC End Date: 2017-01-30
IESG Telechat date: 2017-02-16

Summary:

This document is ready for publication as a Proposed Standard, but has
a minor concern that should be addressed.

This document describes a protocol for distributing RPKI information
to routers from trusted caches.

Major issues:  NONE

Minor issues:

* In Section 5.1. "Fields of a PDU", for the Flags: definition, it
states that:

    """
    The remaining bits in the flags field are reserved for future use.
    In protocol version 1, they MUST be 0 on transmission and SHOULD
    be ignored on receipt.
    """

However, this seems backwards to me.  Would it seem safer that the
reserved flags "MUST be ignored on receipt"?
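As an added illustration (my own code, not from the draft or the review), the following Python contrasts the two receiver behaviours at issue: a parser for the IPv4 Prefix PDU that either masks the reserved flag bits away ("ignored on receipt") or rejects the PDU when any reserved bit is set. The PDU layout is the 20-byte IPv4 Prefix PDU of RFC 6810/8210 as I read it; function and field names are assumptions of mine.

```python
import struct
from ipaddress import IPv4Address

# Assumed layout: IPv4 Prefix PDU (type 4), protocol version 1, 20 bytes total.
PDU_TYPE_IPV4_PREFIX = 4
FLAG_ANNOUNCE = 0x01        # lowest-order bit: 1 = announcement, 0 = withdrawal
RESERVED_FLAG_MASK = 0xFE   # remaining bits: MUST be 0 on transmission
HEADER_FMT = "!BBHIBBBB4sI"  # ver, type, zero, length, flags, plen, maxlen, zero, prefix, asn


def build_ipv4_prefix_pdu(announce, prefix, prefix_len, max_len, asn, version=1):
    """Encode an IPv4 Prefix PDU; a conforming sender always emits reserved bits as 0."""
    if not 0 <= prefix_len <= max_len <= 32:
        raise ValueError("need 0 <= prefix_len <= max_len <= 32")
    flags = FLAG_ANNOUNCE if announce else 0
    return struct.pack(HEADER_FMT, version, PDU_TYPE_IPV4_PREFIX, 0, 20,
                       flags, prefix_len, max_len, 0, IPv4Address(prefix).packed, asn)


def parse_ipv4_prefix_pdu(data, strict=False):
    """Decode an IPv4 Prefix PDU.

    strict=False models "ignored on receipt": reserved bits are masked away and
    only reported. strict=True models a receiver that treats non-zero reserved
    bits as a protocol error and drops the PDU instead of guessing its meaning.
    """
    if len(data) != 20:
        raise ValueError("IPv4 Prefix PDU must be exactly 20 bytes")
    (version, pdu_type, _zero, length, flags, prefix_len, max_len, _pad,
     prefix, asn) = struct.unpack(HEADER_FMT, data)
    if pdu_type != PDU_TYPE_IPV4_PREFIX or length != 20:
        raise ValueError("not a well-formed IPv4 Prefix PDU")
    if not 0 <= prefix_len <= max_len <= 32:
        raise ValueError("invalid prefix/max length")
    reserved = flags & RESERVED_FLAG_MASK
    if strict and reserved:
        raise ValueError(f"reserved flag bits set: 0x{reserved:02x}")
    return {
        "version": version,
        "announce": bool(flags & FLAG_ANNOUNCE),  # reserved bits never affect this
        "prefix": str(IPv4Address(prefix)),
        "prefix_len": prefix_len,
        "max_len": max_len,
        "asn": asn,
        "reserved_bits": reserved,  # non-zero here is worth logging either way
    }
```

Whichever keyword the draft settles on, a receiver that logs non-zero reserved bits keeps a record of senders that are ahead of (or out of) spec without changing how the announcement itself is interpreted.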


Nits/editorial comments: NONE

[posted to datatracker on 02-14]