Re: [secdir] [sidr] Secdir last call review of draft-ietf-sidr-slurm-06

Di Ma <madi@zdns.cn> Tue, 27 February 2018 11:14 UTC

Return-Path: <madi@zdns.cn>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EED61274D2 for <secdir@ietfa.amsl.com>; Tue, 27 Feb 2018 03:14:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.254
X-Spam-Level:
X-Spam-Status: No, score=-1.254 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4afXqSdB9HvK for <secdir@ietfa.amsl.com>; Tue, 27 Feb 2018 03:14:36 -0800 (PST)
Received: from smtpproxy19.qq.com (smtpproxy19.qq.com [184.105.206.84]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE84D128959 for <secdir@ietf.org>; Tue, 27 Feb 2018 03:14:35 -0800 (PST)
X-QQ-mid: bizesmtp5t1519730070t6a1y4rbg
Received: from [192.168.3.3] (unknown [117.100.128.114]) by esmtp4.qq.com (ESMTP) with id ; Tue, 27 Feb 2018 19:14:27 +0800 (CST)
X-QQ-SSF: 00400000004000F0FG40000A0000000
X-QQ-FEAT: pTE/Q6TrPPeyoiaMIungJVAJjjZZeojkhnuUCrPz72zbUsk/lZDRoEHQnWGkF OJs60jYpeHryq+zmoAgUMarVDJ9bAxBBymDkXewAeM+DPNYCoCjxYuPL44aLIq4Z5iWUxIs eEQO3RI3Wf8rafJaqoaJfpAx7TpN16nB1+FCIaexi1dZi7/DUpEA1fIl63mOGM9uS4jWUpS 8Acjcpu7aW/NF3kmsVFIRntGBRatZpnY6cintXCnheHQz4TzxvjPto4wAOv5tbrS02uRnxe PqtUHY93b16vRXhkuMewgYHDxlbu1VtHUtpQ==
X-QQ-GoodBg: 2
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Di Ma <madi@zdns.cn>
In-Reply-To: <151913883228.4660.15594261925083651299@ietfa.amsl.com>
Date: Tue, 27 Feb 2018 19:14:27 +0800
Cc: secdir <secdir@ietf.org>, ietf@ietf.org, draft-ietf-sidr-slurm.all@ietf.org, sidr@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <5DC08C9A-C97E-4E8B-918B-A33E6D401FBD@zdns.cn>
References: <151913883228.4660.15594261925083651299@ietfa.amsl.com>
To: Daniel Migault <daniel.migault@ericsson.com>
X-Mailer: Apple Mail (2.3445.5.20)
X-QQ-SENDSIZE: 520
Feedback-ID: bizesmtp:zdns.cn:qybgforeign:qybgforeign2
X-QQ-Bgrelay: 1
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/XeBHfllIkq7m3uM3fipM-vf2YXc>
Subject: Re: [secdir] [sidr] Secdir last call review of draft-ietf-sidr-slurm-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2018 11:14:40 -0000

Daniel,

Thanks for your review.

Please see my responses in lines.


> 在 2018年2月20日,23:00,Daniel Migault <daniel.migault@ericsson.com>; 写道:
> 
> Reviewer: Daniel Migault
> Review result: Has Nits
> 
> Hi, 
> 
> I have reviewed this document as part of the security directorate's 
> ongoing effort to review all IETF documents being processed by the 
> IESG.  These comments were written primarily for the benefit of the 
> security area directors.  Document editors and WG chairs should treat 
> these comments just like any other last call comments.
> 
> The summary of the review is Ready with nits:
> 
> •	section 1: Introduction
> 
>   However, an RPKI relying party may want to override some of the
>   information expressed via putative TAs and the certificates
> 
> <mglt>It seems that TA is being used for the first time here. The acronym
> should be extended to ease the reading of the document. I am reading it 
> as Trust Anchor.</mglt>
> 

Yes. We will use Trust Anchor for its first use. 

> 
> •	section 2.  RPKI RPs with SLURM
> 
>   SLURM provides a simple way to enable RPs to establish a local,
> 
> <mglt>It seems to me the acronym RP is used for the first time. It seems that 
> it should be expanded to ease the reading of the document. I am reading it 
> as Relaying Party.</mglt>

Yes. We will use Relaying Party for its first use. 

> 
> 
> •	section 6 Security considerations
> 
> <mglt>I My reading is that the section catches the criticality of the SLURM 
> files and that network operators are already familiar provisioning critical 
> data. As such I believe the section is sufficiently clear.</mglt>
> 
> •	whole document:
> 
> <mglt>It seems that BGPSec, and BGPsec are used together. I believe this 
> should be harmonized to BGPsec.</mglt>

We will use BGPsec throughout this document as used by RFC 8205. 

Di