[sidr] Stephen Farrell's Discuss on draft-ietf-sidr-rpsl-sig-11: (with DISCUSS and COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Wed, 18 May 2016 15:51 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20160518155109.14693.29705.idtracker@ietfa.amsl.com>
Date: Wed, 18 May 2016 08:51:09 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/3xUZSoTQYXmZWj0Up0x0TGqjPwU>
Cc: sidr@ietf.org, sidr-chairs@ietf.org, draft-ietf-sidr-rpsl-sig@ietf.org, sandy@tislabs.com
Subject: [sidr] Stephen Farrell's Discuss on draft-ietf-sidr-rpsl-sig-11: (with DISCUSS and COMMENT)

Stephen Farrell has entered the following ballot position for
draft-ietf-sidr-rpsl-sig-11: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidr-rpsl-sig/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


I'd like to check one thing - this may be needed for strict
compliance with RPKI thing but it seems kinda weird to also
impose that here, but anyway...

Is 3.2 step 1 needed?  That seems like useless complexity
here.  If it is needed, how does the verifier check that
it's really a single-use? I don't see the point TBH.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


- If you keep the potential for http(s) URIs then I think
more text is needed in the security considerations but
it looks like you're taking that out for now so I guess
that's ok. 

- 2.1, I don't see why it's useful to allow variation in the
fields of the signature attribute e.g. why "MAY" the version
not be 1st?

- 2.1, "t=" and "x=" any limits on precision here?
(Non-)support for fractional seconds can be a source for
non-interop if not. The "All times MUST be converted to" is
also actually a little ambiguous as you don't say to do that
before signing;-)

- 2.1, "a=" did you want a lowercase "must" there?

- Are steps 2 and 3 in 3.1 order-sensitive? I think you
might sometimes need to do 2 after 3, or re-do 2 maybe or
else leading whitspace could be an issue. Maybe say that
sometimes you need to do step 2 >1 time?  

- 3.1, oops, an ambiguity - in "The following steps MUST be
applied in order..." does "in order" mean "in the order
below" or "so as to"? I assume the latter.

- 3.1: In general I think you'd be better if you pointed at
specific bits of text in all the RFCs mentioned in 3.1 -
it's maybe easy to get wrong otherwise, esp. if we don't yet
have >1 implementation. 

- 3.1, step 6: names are all ASCII right? just checking

- 3.2, step 1 - given 3.3 step 2, you're missing a step to
"publish the cert" at the c= location as well.

[sidr] Stephen Farrell's Discuss on draft-ietf-si… Stephen Farrell
Re: [sidr] Stephen Farrell's Discuss on draft-iet… Brian Haberman
Re: [sidr] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
Re: [sidr] Stephen Farrell's Discuss on draft-iet… Brian Haberman
Re: [sidr] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
Re: [sidr] Stephen Farrell's Discuss on draft-iet… Sandra Murphy
Re: [sidr] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
Re: [sidr] Stephen Farrell's Discuss on draft-iet… Brian Haberman
Re: [sidr] Stephen Farrell's Discuss on draft-iet… Brian Haberman