Re: [secdir] SecDir review of draft-ietf-sidr-adverse-actions-03

["Brian Weis (bew)" <bew@cisco.com>]

Hi Steve & Declan,

On Jan 6, 2017, at 7:13 AM, Steve KENT <steve.kent@raytheon.com<mailto:steve.kent@raytheon.com>> wrote:

Brian,

I agree that "addressed" should be changed. How about "encompassed”?

Perfect choice of word.


I agree that suppression also applies in the context of a planned  (or emergency) cert rollover. We can add a sentence to note that expiration of a cert that was intended to be rolled over is also a potential outcome.

That would be very useful, I think.

Thanks,
Brian


Thanks,

Steve
________________________________
From: Declan Ma <madi@zdns.cn<mailto:madi@zdns.cn>>
Sent: Friday, January 6, 2017 2:16:02 AM
To: Brian Weis (bew)
Cc: secdir; The IESG; draft-ietf-sidr-adverse-actions.all@tools.ietf.org<mailto:draft-ietf-sidr-adverse-actions.all@tools.ietf.org>; Stephen Kent; Declan Ma; Chris Morrow; Sandra Murphy; Alvaro Retana (aretana); db3546@att.com<mailto:db3546@att.com>; akatlas@gmail.com<mailto:akatlas@gmail.com>; draft-ietf-sidr-adverse-actions.all@ietf.org<mailto:draft-ietf-sidr-adverse-actions.all@ietf.org>; Declan Ma
Subject: Re: SecDir review of draft-ietf-sidr-adverse-actions-03

Dear Brian,

Thanks for reviewing this document.


> 在 2017年1月5日，01:37，Brian Weis (bew) <bew@cisco.com<mailto:bew@cisco.com>> 写道：
>
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
>
> As stated in the Abstract, this document analyzes actions by or against a CA or independent repository manager in the RPKI that can adversely affect the Internet Number Resources (INRs) associated with that CA or its subordinate CAs. Put another way, it documents threats to the RPKI/BGPSEC PKI, in which there are unique threats to the PKI that can adversely affect Internet routing. The document is well written and internally consistent. The Security Considerations section is adequate.
>
> I consider this draft Ready to publish, but here are a couple of discretionary comments for the authors.
>
> 1. The end of section 2 says "Note that not all adverse actions may be addressed by this taxonomy.”. The phrase “addressed by” confused me a little bit, as it implies some recommendation or remediation ― which this document does not attempt to do. This might be more clearly worded as “described by” or “included in”.

I think this is really a good suggestion.

>
> 2. In section 2.1, A-1.2 (Suppression), it seems that suppression could result in the CA certificate intended to be replaced to expire before an intended CA rollover operation happens due to thes suppressed replacement certificate. Perhaps it is not noted because this threat is not specific to RPKI/BGPSEC, but it could be another serious suppression affecting Internet routing.

CA rollover operation is a specific scenario where CA certificate suppression could take place. As this document focuses on the harmful results of adverse actions not the causes nor motivations of adverse actions, we authors don’t note this case specially you just mentioned.  Anyway, we authors will be considering this comments from you when updating this draft in its next version.

Di

--
Brian Weis
Security, CSG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew@cisco.com<mailto:bew@cisco.com>