Re: [secdir] [sidr] Secdir last call review of draft-ietf-sidr-slurm-06

Daniel Migault <daniel.migault@ericsson.com> Tue, 27 February 2018 14:28 UTC

From: Daniel Migault <daniel.migault@ericsson.com>
To: Di Ma <madi@zdns.cn>
CC: secdir <secdir@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-sidr-slurm.all@ietf.org" <draft-ietf-sidr-slurm.all@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Date: Tue, 27 Feb 2018 14:28:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/BDPrclNjSczZooGnznhDC_YrGps>

Hi Di, 

This addresses my concerns, thanks!
Yours, 
Daniel

-----Original Message-----
From: Di Ma [mailto:madi@zdns.cn] 
Sent: Tuesday, February 27, 2018 6:14 AM
To: Daniel Migault <daniel.migault@ericsson.com>
Cc: secdir <secdir@ietf.org>; ietf@ietf.org; draft-ietf-sidr-slurm.all@ietf.org; sidr@ietf.org
Subject: Re: [sidr] Secdir last call review of draft-ietf-sidr-slurm-06

Daniel,

Thanks for your review.

Please see my responses inline.


> On Feb 20, 2018, at 23:00, Daniel Migault <daniel.migault@ericsson.com> wrote:
> 
> Reviewer: Daniel Migault
> Review result: Has Nits
> 
> Hi,
> 
> I have reviewed this document as part of the security directorate's 
> ongoing effort to review all IETF documents being processed by the 
> IESG.  These comments were written primarily for the benefit of the 
> security area directors.  Document editors and WG chairs should treat 
> these comments just like any other last call comments.
> 
> The summary of the review is Ready with nits:
> 
> •	section 1: Introduction
> 
>   However, an RPKI relying party may want to override some of the
>   information expressed via putative TAs and the certificates
> 
> <mglt>It seems that TA is being used for the first time here. The 
> acronym should be extended to ease the reading of the document. I am 
> reading it as Trust Anchor.</mglt>
> 

Yes. We will use Trust Anchor for its first use. 

> 
> •	section 2.  RPKI RPs with SLURM
> 
>   SLURM provides a simple way to enable RPs to establish a local,
> 
> <mglt>It seems to me the acronym RP is used for the first time. It 
> seems that it should be expanded to ease the reading of the document. 
> I am reading it as Relaying Party.</mglt>

Yes. We will use Relaying Party for its first use. 

> 
> 
> •	section 6 Security considerations
> 
> <mglt>My reading is that the section catches the criticality of the 
> SLURM files and that network operators are already familiar with 
> provisioning critical data. As such I believe the section is 
> sufficiently clear.</mglt>
> 
> •	whole document:
> 
> <mglt>It seems that BGPSec and BGPsec are used together. I believe 
> this should be harmonized to BGPsec.</mglt>

We will use BGPsec throughout this document as used by RFC 8205. 

Di