[secdir] Re: Secdir last call review of draft-ietf-regext-rdap-geofeed-09

Jasdip Singh <jasdips@arin.net> Wed, 16 April 2025 17:45 UTC

From: Jasdip Singh <jasdips@arin.net>
To: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>
Date: Wed, 16 Apr 2025 17:45:42 +0000
CC: "draft-ietf-regext-rdap-geofeed.all@ietf.org" <draft-ietf-regext-rdap-geofeed.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "regext@ietf.org" <regext@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/HvNnlPLEtpwStJ8O_G-7As7MbB8>

Hi Rifaat,

Thank you for your review of this draft. Please find below our comments.

Also, please see [1] for the diffs in the updated draft.

Thanks,
Jasdip & Tom

[1] https://author-tools.ietf.org/iddiff?url2=draft-ietf-regext-rdap-geofeed-10

From: Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org>
Date: Friday, March 14, 2025 at 10:00 AM
To: secdir@ietf.org <secdir@ietf.org>
Cc: draft-ietf-regext-rdap-geofeed.all@ietf.org <draft-ietf-regext-rdap-geofeed.all@ietf.org>, last-call@ietf.org <last-call@ietf.org>, regext@ietf.org <regext@ietf.org>
Subject: Secdir last call review of draft-ietf-regext-rdap-geofeed-09
Reviewer: Rifaat Shekh-Yusef
Review result: Has Issues

Section 2.1.

“optional Resource Public Key Infrastructure (RPKI, [RFC6480]) signature”

Did you mean to refer to RFC6488?

[JS] No, RFC 6480 is the introductory RFC for RPKI and this reference helps introduce the “RPKI” term for the first time in the spec.


Section 5, Security Considerations

“The geofeed file may also contain an RPKI signature.”

You might want to add a reference to the RPKI signature spec.

[JS] Thanks, added the reference.


Also, what is this document’s opinion on this signature? It just states that
the file “may contain…” I think it warrants adding a sentence or two to
elaborate on this.

[JS] In our opinion, since this “may” follows from Section 5 of RFC 9632, the reader should be able to consume related authoritative text from that RFC.


“Besides that, this document does not introduce any new security considerations
past those already discussed in the RDAP protocol specifications.”

You might want to add references to the other specs that cover the security
aspects of the RDAP protocol.

[JS] Thanks, added the relevant references.