[secdir] secdir review of draft-ietf-sidr-cp-16.txt

Paul Hoffman <paul.hoffman@vpnc.org> Sun, 20 February 2011 22:06 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 049FF3A6CF7 for <secdir@core3.amsl.com>; Sun, 20 Feb 2011 14:06:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.323
X-Spam-Level:
X-Spam-Status: No, score=-101.323 tagged_above=-999 required=5 tests=[AWL=0.723, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O46cXxFgonFN for <secdir@core3.amsl.com>; Sun, 20 Feb 2011 14:06:08 -0800 (PST)
Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id 13FCC3A6CD6 for <secdir@ietf.org>; Sun, 20 Feb 2011 14:06:07 -0800 (PST)
Received: from MacBook-08.local (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p1KM6lg6022009 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Sun, 20 Feb 2011 15:06:47 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Message-ID: <4D619077.4050706@vpnc.org>
Date: Sun, 20 Feb 2011 14:06:47 -0800
From: Paul Hoffman <paul.hoffman@vpnc.org>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: secdir@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-sidr-cp@tools.ietf.org
Subject: [secdir] secdir review of draft-ietf-sidr-cp-16.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Feb 2011 22:06:09 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
  These comments were written primarily for the benefit of the security 
area directors.  Document editors and WG chairs should treat these 
comments just like any other last call comments.

This document describes a certificate policy for Internet number 
resource holdings; basically, this is proposed to be the CP for the 
routing PKI being proposed in the SIDR WG. As such, it is a bunch of 
minutae that relying parties are supposed to care about, but will mostly 
accept blindly. This document is closely modeled after RFC 3647, the CP 
that is the framework for most CPs we see in the PKIX world.

The security considerations listed in the document seem fine. They call 
out the fact that names are not unique in the RPKI (as if they were in 
the normal PKIX world...), so that relying parties must not rely just on 
the names for chaining, but must also be sure the expected signing key 
is used as well. This document could have a zillion more security 
considerations aimed at relying parties that don't pay careful 
attention, but such text would likely be ignored by the same parties who 
ignore the main CP text. Thus, this document is fine as-is.

--Paul Hoffman