Re: [sidr] Ben Campbell's No Objection on draft-ietf-sidr-slurm-07: (with COMMENT)

Di Ma <> Fri, 06 April 2018 14:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BE70A1270AC for <>; Fri, 6 Apr 2018 07:29:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zNrcorHKozQd for <>; Fri, 6 Apr 2018 07:29:53 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 277E21201FA for <>; Fri, 6 Apr 2018 07:29:52 -0700 (PDT)
X-QQ-mid: bizesmtp3t1523024985tvkpi2n95
Received: from [] (unknown []) by (ESMTP) with id ; Fri, 06 Apr 2018 22:29:44 +0800 (CST)
X-QQ-SSF: 00400000002000F0FH40B00A0000000
X-QQ-FEAT: Q4mUGnBphwP5vxxIvtVyWDRIkVc5kGzHc4w6SXX6eMc7HKXpiOq6oxe6GUh82 S6gVPILIa4kxXjS8Du9vKvIImlhHAIr4ZD4LA764yjU7lpoCuugJFmBJ3/Rw7v43I2K0BYt YcWOSCRB/lZlL+W5707RdUlgGHVrMuIVSkw7/pTfwmwFRcpeez470wFm6ZNOmoOH61Fxz6Z jmzmf7s/3C7LZNmSXHViLk4Nm3jc0faZkn7qooKco9eRzuFelrPy2T1TnTb8vC8yK0MLtuz Y4iqBpfhxu+tN9nLZ+mIaLJCzIcd+ZBR7o8obARywCGWBWCis7OZOtmfw=
X-QQ-GoodBg: 2
Content-Type: text/plain; charset=gb2312
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Di Ma <>
In-Reply-To: <>
Date: Fri, 6 Apr 2018 22:29:44 +0800
Cc: The IESG <>,,,,
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <>
To: Ben Campbell <>
X-Mailer: Apple Mail (2.3445.5.20)
X-QQ-Bgrelay: 1
Archived-At: <>
Subject: Re: [sidr] Ben Campbell's No Objection on draft-ietf-sidr-slurm-07: (with COMMENT)
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 06 Apr 2018 14:29:59 -0000


Thanks very much for your comments.

Please see authors' responses in lines.

> 在 2018年4月4日,03:43,Ben Campbell <> 写道:
> Ben Campbell has entered the following ballot position for
> draft-ietf-sidr-slurm-07: No Objection
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> Please refer to
> for more information about IESG DISCUSS and COMMENT positions.
> The document, along with other ballot positions, can be found here:
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> Major Comments:
> §6: I also agree with Benjamin's sadness about the security considerations. The
> section really should at least discuss the potential consequences of an
> adversary inserting a false slurm file, modifying one on the fly, or
> eavesdropping on one.

We authors intend to work on a proposed standard mechanism for updating SLURM files through a secure API in the near future.

The very proposal is intended to be in a separate draft for SIDROPS. 

> Minor Comments:
> §1.1: The document contains at least a few lower case instances of "must".
> Please consider using the boilerplate from RFC 8174.


> §3.3, 1st paragraph: "RP SHOULD verify that the target is an acceptable value"
> What is the criteria for acceptability?

As we authors have decided to drop slurmTarget element, this is no longer an issue :-)

> §8.2, " [RFC4648]": The document requires Base64 encoding. Doesn't that make
> this a normative reference?

But it has been listed as a normative reference. 

> Editorial Comments and Nits:
> [significant] Abstract (and throughout the document):
> I don't find the term "local view of the RPKI" to be descriptive. IIUC, we are
> talking about overriding assertions that come from the RPKI based on local (or
> possibly 3rd party) knowledge. This seems to me to be a different thing than
> providing a "local view of the RPKI", and I certainly would not have gotten a
> sense of that difference from the Abstract alone, and possibly not the
> introduction.

We will make the change as follows:

  However, ISPs may want to establish a local view of the RPKI to control
  its own network while making use of RPKI data.

  However, ISPs may want to establish a local view of exceptions to the
  RPKI data in the form of local filters and additions.

Hopefully this will give context to the term ‘local view’ throughout the document.

> §1, last paragraph: Please expand or define rpki-rtr on first mention.


> §3.4.1: Please expand SKI on first mention. (You do so in the second mention
> :-) )