Re: [Sidrops] AD Review of: draft-ietf-sidrops-rpki-has-no-identity
Russ Housley <housley@vigilsec.com> Thu, 03 March 2022 15:52 UTC
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CAHw9_i+Ti0ghT7C+UMVSR2Xjc2ynPxoe3Q4wUDFCaci88-TRaA@mail.gmail.com>
Date: Thu, 3 Mar 2022 10:52:08 -0500
Cc: SIDR Operations WG <sidrops@ietf.org>,
draft-ietf-sidrops-rpki-has-no-identity@ietf.org
Message-Id: <1C80C283-B3B4-41C4-B983-95C7B1775A5C@vigilsec.com>
To: Warren Kumari <warren@kumari.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/1ccoe3lRqpQL7oHeBD3L63EFszg>
Warren:

Thanks for the review.

> Firstly, thank you very much for this document, and apologies it has
> taken a while for me to review it.
>
> I must admit that I *wanted* to / felt I should be able to use the RPKI
> to do things like sign LOAs and similar "the RIR says I'm the 'owner',
> seem mah cert!" type things, and so, even though the document makes me
> sad, it's useful and needed.
>
> I do have a number of editorial comments / nits. Addressing these
> before IETF LC and IESG review should make progressing the document
> easier and smoother, as well as being politer to the RFC Editor.
>
> Please let me know LOUDLY once you've had a chance to address them,
> and I'll start IETF LC.
>
> Issues / comments:
> Sec 1:
> O: "Though since, it has grown to include..."
> C: I don't have suggested text, but "Though since" is difficult to
> parse -- it's not clear from the prior sentence what the "though" or
> "since" refer to. Perhaps "Since publication of [RFC6480], the term has grown
> to include ..."? Actually, I'm not really sure what the sentence was trying to
> say though, so I have no idea if my suggestion works...

I suggest: "Since initial deployment, the RPKI has grown to include ..."

> Nits:
> Sec 1:
> O: "In security terms the phrase "Public Key"... "
> P: "In security terms, the phrase "Public Key" ..."
> C: Comma.
>
> O: "But in reality, the RPKI certificate is only an
> authorization to speak for for the explicitly identified INRs;"
> P: "But in reality, the RPKI certificate is only an
> authorization to speak for the explicitly identified INRs;"
> C: Repeated 'for'
>
> Sec 2:
> O: "Registries such as the Regional Internet Resistries (RIRs)"
> P: "Registries such as the Regional Internet Registries (RIRs)"
> C: Typo
>
> O: "That the RPKI does not authenticate real world identity is a feature
> not a bug."
> P: "That the RPKI does not authenticate real world identity is a feature,
> not a bug "
> C: Comma

The above suggestions seem fine to me.

> O: "Note that, if there is sufficient external, i.e. non-RPKI,
> verifcation of authority"
> P: Note that, if there is sufficient external, i.e. non-RPKI,
> verification of authority"
> C: Typo

Suggestion for the whole paragraph:

   Given sufficient external, i.e. non-RPKI, verification of authority,
   the use of RPKI-based credentials seems superfluous.

> Sec 4:
> O: "When a document is signed with the private key associated with a RPKI
> certificate"
> P: "When a document is signed with the private key associated with a RPKI
> certificate"
> C: s/a/an/ - grammar

I can see this one either way.

> Misc:
> s/real world/real-world/g -- I think?

If you mean in Sec 2:

   s/real world identity/real-world identity/
   s/real world documents/real-world documents/

Russ
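The point the draft and this review turn on, that an RPKI certificate is an authorization to speak for the explicitly identified INRs and says nothing about real-world identity, as an added example that is not code from the sidrops thread, the draft, or any RPKI implementation: a toy model of the RFC 3779 resource-containment part of path validation. Cryptographic signature verification is assumed to have already passed, and every certificate name, prefix and ASN below is constructed (documentation prefixes and private-use ASNs). The example shows that renaming an end-entity certificate's subject changes nothing, that a convincing subject name with no resources authorizes nothing, and that over-claiming is rejected by containment, not by any notion of who the holder is.

```python
"""Toy model of the resource-containment half of RPKI path validation.

Added example, not code from the sidrops thread or the draft.  Signature
verification is assumed done; what is modelled is the RFC 3779 rule that
a certificate's IP and AS resources must sit inside its issuer's, and the
relying-party question "does this EE certificate cover the INRs being
asserted?".  All subjects, prefixes and ASNs are constructed.
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ResourceCert:
    subject: str              # opaque string; carries no real-world identity
    issuer: Optional[str]     # None for the trust anchor
    prefixes: tuple           # ipaddress networks (RFC 3779 IP delegation)
    asns: Tuple[Tuple[int, int], ...]  # inclusive AS ranges (RFC 3779)


def net(s: str):
    return ipaddress.ip_network(s)


def covers_prefix(cert: ResourceCert, prefix) -> bool:
    """Is `prefix` inside one of the certificate's IP resources?"""
    return any(p.version == prefix.version and prefix.subnet_of(p)
               for p in cert.prefixes)


def covers_asn(cert: ResourceCert, asn: int) -> bool:
    return any(lo <= asn <= hi for lo, hi in cert.asns)


def contained_in(child: ResourceCert, parent: ResourceCert) -> bool:
    """RFC 3779 containment: the child may claim no more than its issuer holds."""
    ips_ok = all(covers_prefix(parent, p) for p in child.prefixes)
    asns_ok = all(any(plo <= lo and hi <= phi for plo, phi in parent.asns)
                  for lo, hi in child.asns)
    return ips_ok and asns_ok


def validate_path(chain: List[ResourceCert]) -> Optional[str]:
    """chain[0] is the trust anchor, chain[-1] the end-entity certificate.
    Returns None when every link is issued by its predecessor and claims
    only resources the predecessor holds; otherwise the subject of the
    first certificate that breaks the chain.  The subject string is used
    only for issuer linkage, never interpreted as an identity."""
    for parent, child in zip(chain, chain[1:]):
        if child.issuer != parent.subject or not contained_in(child, parent):
            return child.subject
    return None


def authorizes(chain: List[ResourceCert], prefix: str, asn: int) -> bool:
    """The only question the RPKI answers: does a valid chain end in an EE
    certificate whose resources include the prefix and ASN being asserted?"""
    if validate_path(chain) is not None:
        return False
    ee = chain[-1]
    return covers_prefix(ee, net(prefix)) and covers_asn(ee, asn)


# Constructed certificates: documentation prefixes, private-use ASNs.
TA = ResourceCert("ta", None, (net("192.0.2.0/24"), net("2001:db8::/32")),
                  ((64496, 64511),))
CA = ResourceCert("ca-7f3a", "ta", (net("192.0.2.0/25"),), ((64496, 64500),))
EE = ResourceCert("ee-91c2", "ca-7f3a", (net("192.0.2.0/26"),), ((64496, 64496),))


def demo_chain() -> List[ResourceCert]:
    return [TA, CA, EE]


def renamed_chain() -> List[ResourceCert]:
    """Same resources, a human-looking subject: validation is unaffected."""
    return [TA, CA, replace(EE, subject="Example Corp, Inc.")]


def name_only_chain() -> List[ResourceCert]:
    """A convincing name with no resources authorizes nothing."""
    return [TA, CA, ResourceCert("Example Corp, Inc.", "ca-7f3a", (), ())]


def overclaim_chain() -> List[ResourceCert]:
    """An EE claiming a prefix its issuer does not hold fails containment."""
    return [TA, CA, ResourceCert("ee-over", "ca-7f3a",
                                 (net("192.0.2.128/25"),), ((64496, 64496),))]


if __name__ == "__main__":
    print("chain valid (None = ok):", validate_path(demo_chain()))
    print("EE covers 192.0.2.0/26 AS64496:",
          authorizes(demo_chain(), "192.0.2.0/26", 64496))
    print("renamed EE still covers it:",
          authorizes(renamed_chain(), "192.0.2.0/26", 64496))
    print("name-only cert covers it:",
          authorizes(name_only_chain(), "192.0.2.0/26", 64496))
    print("over-claim rejected at:", validate_path(overclaim_chain()))
```

The relying-party check is deliberately blind to the subject string beyond issuer linkage: a validator that started treating the subject as a real-world name would be reading something into the certificate that the RPKI never put there, which is the draft's "feature, not a bug".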