Re: [sidr] Alexey Melnikov's Discuss on draft-ietf-sidr-rpsl-sig-11: (with DISCUSS and COMMENT)
Brian Haberman <brian@innovationslab.net> Tue, 17 May 2016 14:22 UTC
Return-Path: <brian@innovationslab.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19B1712D64A; Tue, 17 May 2016 07:22:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2jIDo483aiTc; Tue, 17 May 2016 07:22:16 -0700 (PDT)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 675D012D650; Tue, 17 May 2016 07:22:16 -0700 (PDT)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id 48E698810D; Tue, 17 May 2016 07:22:16 -0700 (PDT)
Received: from clemson.jhuapl.edu (swifi-nat.jhuapl.edu [128.244.87.133]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id 971B4328081A; Tue, 17 May 2016 07:22:15 -0700 (PDT)
To: Alexey Melnikov <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>
References: <20160516184515.16709.44619.idtracker@ietfa.amsl.com>
From: Brian Haberman <brian@innovationslab.net>
Message-ID: <db71fa7f-ec44-f575-4b92-3412d70c29af@innovationslab.net>
Date: Tue, 17 May 2016 10:22:09 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <20160516184515.16709.44619.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="239v6NMp7VoH91kOscQo7Ug7qCCwI24mx"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/jaMpu-s5POpVBa98ul1dxr8bMz0>
Cc: sandy@tislabs.com, sidr-chairs@ietf.org, draft-ietf-sidr-rpsl-sig@ietf.org, sidr@ietf.org
Subject: Re: [sidr] Alexey Melnikov's Discuss on draft-ietf-sidr-rpsl-sig-11: (with DISCUSS and COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 May 2016 14:22:18 -0000
Hi Alexey,
Thanks for the feedback. I have placed responses in-line...
On 5/16/16 2:45 PM, Alexey Melnikov wrote:
> Alexey Melnikov has entered the following ballot position for
> draft-ietf-sidr-rpsl-sig-11: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-sidr-rpsl-sig/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> This is a generally a well written document and I don't object to its
> publication. However I have several minor but important points which
> should be easy to address:
>
> In Section 2.1:
>
> Reference to the certificate corresponding to the private key used to
> sign this object (field "c"). The value of this field MUST be a URL of
> type "rsync" or "http(s)"
>
> You need to have Normative references for the corresponding URI RFCs: RFC
> 5781 for rsync URIs and RFC 7230 for http/https URIs.
>
> that points to a specific resource certificate in an RPKI repository
> [RFC6481]. Any non URL-safe characters (including semicolon ";" and plus
> "+") must be URL encoded.
>
> This really need a Normative reference to RFC 3986.
>
Both of the above sound reasonable. The resulting text will be:
o Reference to the certificate corresponding to the private key used
to sign this object (field "c"). The value of this field MUST be
a URL of type "rsync" [RFC5781] or "http(s)" [RFC7230] that
points to a specific resource certificate in an RPKI repository
[RFC6481]. Any non URL-safe characters (including semicolon ";"
and plus "+") must be URL encoded [RFC3986].
>
> The signature itself (field "b"). This MUST be the last field in the
> list. The signature is the output of the signature algorithm using the
> appropriate private key and the calculated hash value of the object as
> inputs. The value of this field is the digital signature in base64
> encoding [RFC4648].
>
> As RFC 4648 specifies 2 base64 alphabets, you need to include section
> number. I think you meant Section 4 (and not Section 5).
Yes. I will include Section 4 in the reference to 4648.
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> In Section 2.1:
>
> Time of signing (field "t"). The format of the value of this field MUST
> be in the Internet Date/Time format [RFC3339]. All times MUST be
> converted to Universal Coordinated Time (UTC)
>
> To be pedantic, you should clarify that you mean the date-time ABNF
> production with the timezone always being "Z".
Done.
>
> In 3.1, inside numbered list (item 3):
>
> * Converting all line endings to a single blank space.
I will note that it will be ASCII code 32. I will also add ASCII codes
for newline and tabs mentioned elsewhere.
The above changes are queued up in a -12 version.
Regards,
Brian
- [sidr] Alexey Melnikov's Discuss on draft-ietf-si… Alexey Melnikov
- Re: [sidr] Alexey Melnikov's Discuss on draft-iet… Brian Haberman