Re: [secdir] Secdir review of draft-ietf-sidr-rpki-algs-04

Stephen Kent <kent@bbn.com> Mon, 28 March 2011 07:46 UTC

Return-Path: <kent@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7910B3A68D2; Mon, 28 Mar 2011 00:46:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.55
X-Spam-Level:
X-Spam-Status: No, score=-102.55 tagged_above=-999 required=5 tests=[AWL=0.049, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P1AIJoHji3Dm; Mon, 28 Mar 2011 00:46:08 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id A40D03A6886; Mon, 28 Mar 2011 00:46:08 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:51200 helo=[130.129.71.125]) by smtp.bbn.com with esmtp (Exim 4.74 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1Q47Av-000Ou4-NS; Mon, 28 Mar 2011 03:47:45 -0400
Mime-Version: 1.0
Message-Id: <p06240804c9b5ec3f841b@[130.129.71.125]>
In-Reply-To: <BC4FD686-8AE2-472C-9677-B7DA1FA10060@cisco.com>
References: <BC4FD686-8AE2-472C-9677-B7DA1FA10060@cisco.com>
Date: Mon, 28 Mar 2011 03:47:29 -0400
To: Brian Weis <bew@cisco.com>
From: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Cc: sidr-chairs@tools.ietf.org, iesg@ietf.org, draft-ietf-sidr-rpki-algs@tools.ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-sidr-rpki-algs-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 07:46:09 -0000

At 1:37 PM -0700 3/27/11, Brian Weis wrote:
>I have reviewed this document as part of the security directorate's 
>ongoing effort to review all IETF documents being processed by the 
>IESG. These comments were written primarily for the benefit of the 
>security area directors. Document editors and WG chairs should treat 
>these comments just like any other last call comments.
>
>This document describes the algorithm suite used as part of the 
>RPKI. The suite specifies a single signature algorithm (RSA) with a 
>single key size, a single hashing algorithm (SHA-256), a single 
>signature format, and formats for describing the public key. Section 
>5 indicates that this profile will be updated when the RPKI needs to 
>adapt different choices. I was glad to see such an algorithm agility 
>plan, but this implies that this will in fact never have a peer 
>document describing another profile. In such a case I would expect 
>the document title to be more inclusive (e.g., drop the first three 
>words of the title). Alternatively, it might be helpful to describe 
>in Section 5 under what circumstance another profile would be 
>published instead of updating this one.
>
>The Security Considerations document refers the reader to the 
>security considerations described in several other documents. After 
>reading those sections, I agree this is appropriate.
>
>Brian

Brian,

There will be another profile that will define two sets of algs, 
current and next.  See daft-sidr-algorithm-agility-00.txt for the 
description of how alg migration is anticipated to work. I hesitate 
to put a (normative) reference to that doc in here, because it is not 
yet approved and might slow down the
set of SIDR docs that rely, normatively, on the doc that you reviewed.

Steve