Re: [secdir] SecDir review of draft-ietf-sidr-adverse-actions-03

Steve KENT <> Fri, 06 January 2017 15:14 UTC

From: Steve KENT <>
To: Declan Ma <>, "Brian Weis (bew)" <>
Date: Fri, 06 Jan 2017 15:13:56 +0000
Cc: Chris Morrow <>, Declan Ma <>, Stephen Kent <>, "" <>, secdir <>, "" <>, "" <>, The IESG <>, "Alvaro Retana (aretana)" <>, "" <>


I agree that "addressed" should be changed. How about "encompassed"?

I agree that suppression also applies in the context of a planned (or emergency) cert rollover. We can add a sentence to note that expiration of a cert that was intended to be rolled over is also a potential outcome.



From: Declan Ma <>
Sent: Friday, January 6, 2017 2:16:02 AM
To: Brian Weis (bew)
Cc: secdir; The IESG; Stephen Kent; Declan Ma; Chris Morrow; Sandra Murphy; Alvaro Retana (aretana); Declan Ma
Subject: Re: SecDir review of draft-ietf-sidr-adverse-actions-03

Dear Brian,

Thanks for reviewing this document.

> On January 5, 2017, at 01:37, Brian Weis (bew) <> wrote:
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
> As stated in the Abstract, this document analyzes actions by or against a CA or independent repository manager in the RPKI that can adversely affect the Internet Number Resources (INRs) associated with that CA or its subordinate CAs. Put another way, it documents threats to the RPKI/BGPSEC PKI, in which there are unique threats to the PKI that can adversely affect Internet routing. The document is well written and internally consistent. The Security Considerations section is adequate.
> I consider this draft Ready to publish, but here are a couple of discretionary comments for the authors.
> 1. The end of section 2 says "Note that not all adverse actions may be addressed by this taxonomy.". The phrase "addressed by" confused me a little bit, as it implies some recommendation or remediation -- which this document does not attempt to do. This might be more clearly worded as "described by" or "included in".

I think this is really a good suggestion.

> 2. In section 2.1, A-1.2 (Suppression), it seems that suppression could result in the CA certificate intended to be replaced to expire before an intended CA rollover operation happens due to the suppressed replacement certificate. Perhaps it is not noted because this threat is not specific to RPKI/BGPSEC, but it could be another serious suppression affecting Internet routing.

The CA rollover operation is a specific scenario where CA certificate suppression could take place. As this document focuses on the harmful results of adverse actions, not the causes or motivations of adverse actions, we authors don’t specially note the case you just mentioned. Anyway, we authors will be considering this comment from you when updating this draft in its next version.