[sidr] Review of draft-ietf-sidr-bgpsec-pki-profiles-21

Shucheng LIU <liushucheng@huawei.com> Thu, 02 March 2017 08:36 UTC

From: Shucheng LIU <liushucheng@huawei.com>
To: <ops-dir@ietf.org>
Date: Thu, 02 Mar 2017 00:36:33 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/hwBhDqYLgFfbyu3X_tQ7Nii9_ak>
Cc: draft-ietf-sidr-bgpsec-pki-profiles.all@ietf.org, ietf@ietf.org, sidr@ietf.org
Subject: [sidr] Review of draft-ietf-sidr-bgpsec-pki-profiles-21

Reviewer: Shucheng LIU
Review result: Ready

Hi all,

Sorry that it seems I missed this review request. I guess it's the
first one assigned to me via the new review system.

I have reviewed draft-ietf-sidr-bgpsec-pki-profiles-21 as part of the
Operational directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written with the
intent of improving the operational aspects of the IETF drafts.
Comments that are not addressed in last call may be included in AD
reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

“This document defines a standard profile for X.509 certificates used
   to enable validation of Autonomous System (AS) paths in the Border
   Gateway Protocol (BGP), as part of an extension to that protocol
   known as BGPsec.  BGP is the standard for inter-domain routing in
   Internet; it is the "glue" that holds the Internet together.
   is being developed as one component of a solution that addresses
   requirement to provide security for BGP.  The goal of BGPsec is to
   provide full AS path validation based on the use of strong
   cryptographic primitives.  The end-entity (EE) certificates
   by this profile are issued to routers within an Autonomous System.

   Each of these certificates is issued under a Resource Public Key
   Infrastructure (RPKI) Certification Authority (CA) certificate. 
   These CA certificates and EE certificates both contain the AS
   Identifier Delegation extension.  An EE certificate of this type
   asserts that the router(s) holding the corresponding private key
   authorized to emit secure route advertisements on behalf of the
   AS(es) specified in the certificate.  This document also profiles
   format of certification requests, and specifies Relying Party (RP)
   certificate path validation procedures for these EE certificates.
   This document extends the RPKI; therefore, this document updates
   RPKI Resource Certificates Profile (RFC 6487).”

My overall view of the document is 'Ready' for publication.

** Technical **

** Editorial **

*Section 4

>BGPsec Router Certificates always include the BGPsec Rouer EKU
>     value; therefore, request without the value result in
>     with the value; and,