Re: [sidr] Alexey Melnikov's Discuss on draft-ietf-sidr-rpsl-sig-11: (with DISCUSS and COMMENT)
Brian Haberman <brian@innovationslab.net> Tue, 17 May 2016 14:22 UTC
Return-Path: <brian@innovationslab.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19B1712D64A; Tue, 17 May 2016 07:22:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2jIDo483aiTc; Tue, 17 May 2016 07:22:16 -0700 (PDT)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 675D012D650; Tue, 17 May 2016 07:22:16 -0700 (PDT)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id 48E698810D; Tue, 17 May 2016 07:22:16 -0700 (PDT)
Received: from clemson.jhuapl.edu (swifi-nat.jhuapl.edu [128.244.87.133]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id 971B4328081A; Tue, 17 May 2016 07:22:15 -0700 (PDT)
To: Alexey Melnikov <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>
References: <20160516184515.16709.44619.idtracker@ietfa.amsl.com>
From: Brian Haberman <brian@innovationslab.net>
Message-ID: <db71fa7f-ec44-f575-4b92-3412d70c29af@innovationslab.net>
Date: Tue, 17 May 2016 10:22:09 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <20160516184515.16709.44619.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="239v6NMp7VoH91kOscQo7Ug7qCCwI24mx"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/jaMpu-s5POpVBa98ul1dxr8bMz0>
Cc: sandy@tislabs.com, sidr-chairs@ietf.org, draft-ietf-sidr-rpsl-sig@ietf.org, sidr@ietf.org
Subject: Re: [sidr] Alexey Melnikov's Discuss on draft-ietf-sidr-rpsl-sig-11: (with DISCUSS and COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 May 2016 14:22:18 -0000
Hi Alexey, Thanks for the feedback. I have placed responses in-line... On 5/16/16 2:45 PM, Alexey Melnikov wrote: > Alexey Melnikov has entered the following ballot position for > draft-ietf-sidr-rpsl-sig-11: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sidr-rpsl-sig/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > This is a generally a well written document and I don't object to its > publication. However I have several minor but important points which > should be easy to address: > > In Section 2.1: > > Reference to the certificate corresponding to the private key used to > sign this object (field "c"). The value of this field MUST be a URL of > type "rsync" or "http(s)" > > You need to have Normative references for the corresponding URI RFCs: RFC > 5781 for rsync URIs and RFC 7230 for http/https URIs. > > that points to a specific resource certificate in an RPKI repository > [RFC6481]. Any non URL-safe characters (including semicolon ";" and plus > "+") must be URL encoded. > > This really need a Normative reference to RFC 3986. > Both of the above sound reasonable. The resulting text will be: o Reference to the certificate corresponding to the private key used to sign this object (field "c"). The value of this field MUST be a URL of type "rsync" [RFC5781] or "http(s)" [RFC7230] that points to a specific resource certificate in an RPKI repository [RFC6481]. Any non URL-safe characters (including semicolon ";" and plus "+") must be URL encoded [RFC3986]. > > The signature itself (field "b"). This MUST be the last field in the > list. The signature is the output of the signature algorithm using the > appropriate private key and the calculated hash value of the object as > inputs. The value of this field is the digital signature in base64 > encoding [RFC4648]. > > As RFC 4648 specifies 2 base64 alphabets, you need to include section > number. I think you meant Section 4 (and not Section 5). Yes. I will include Section 4 in the reference to 4648. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > In Section 2.1: > > Time of signing (field "t"). The format of the value of this field MUST > be in the Internet Date/Time format [RFC3339]. All times MUST be > converted to Universal Coordinated Time (UTC) > > To be pedantic, you should clarify that you mean the date-time ABNF > production with the timezone always being "Z". Done. > > In 3.1, inside numbered list (item 3): > > * Converting all line endings to a single blank space. I will note that it will be ASCII code 32. I will also add ASCII codes for newline and tabs mentioned elsewhere. The above changes are queued up in a -12 version. Regards, Brian
- [sidr] Alexey Melnikov's Discuss on draft-ietf-si… Alexey Melnikov
- Re: [sidr] Alexey Melnikov's Discuss on draft-iet… Brian Haberman