[Sidrops] Martin Vigoureux's No Objection on draft-ietf-sidrops-rtr-keying-03: (with COMMENT)

Martin Vigoureux <martin.vigoureux@nokia.com> Thu, 24 January 2019 13:16 UTC

From: Martin Vigoureux <martin.vigoureux@nokia.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-sidrops-rtr-keying@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
Date: Thu, 24 Jan 2019 05:16:25 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/D8H14OrHAtdWAGGupXrhWY8xsSY>

Martin Vigoureux has entered the following ballot position for
draft-ietf-sidrops-rtr-keying-03: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rtr-keying/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Hello,

Thank you for this document.
I only have a couple of questions:

   In the operator-generated method, the operator SHOULD extract the
   certificate from the PKCS#7 certs-only message, and verify that the
   private key it holds corresponds to the returned public key.

   The router SHOULD extract the certificate from the PKCS#7 certs-only
   message and verify that the public key corresponds to the stored
   private key.

I believe SHOULD applies to extract and to verify, correct?
But I wonder why that isn't a MUST, or, asked differently, what could go
wrong if that verification was not done?

Thank you
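
The check described in the quoted draft text, as an added example that is not part of the original message or of the draft: it extracts the certificate from a PKCS#7 certs-only message and compares its public key with the one derived from the stored private key. It assumes the OpenSSL command line tool and a DER-encoded message; the function names, file names and subject name are constructed for the demonstration.

```bash
# Added example (not from the draft): confirm that the certificate returned in
# a PKCS#7 certs-only message carries the public key of a locally held key.
# File names and the subject name are constructed for this demonstration.

# key_matches_p7 KEY_PEM P7_DER
# 0 = SubjectPublicKeyInfo matches, 1 = mismatch, 2 = input could not be parsed
key_matches_p7() {
    local key="$1" p7="$2" cert_pub key_pub
    # Extract the first certificate from the certs-only message, then its key.
    cert_pub=$(openssl pkcs7 -inform DER -in "$p7" -print_certs 2>/dev/null |
               openssl x509 -noout -pubkey 2>/dev/null) || return 2
    # Derive the public half of the stored private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed fixture: a P-256 key, a self-signed certificate standing in for
# the CA-issued router certificate, and an unrelated second key.
make_demo() {
    local d="$1"
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/router.key" 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/other.key" 2>/dev/null
    openssl req -new -x509 -key "$d/router.key" -subj "/CN=ROUTER-DEMO" \
        -days 1 -out "$d/router.crt" 2>/dev/null
    openssl crl2pkcs7 -nocrl -certfile "$d/router.crt" -outform DER \
        -out "$d/certs.p7b"
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
for k in router.key other.key; do
    if key_matches_p7 "$demo_dir/$k" "$demo_dir/certs.p7b"; then
        echo "$k: matches returned certificate"
    else
        echo "$k: does NOT match, do not install this certificate"
    fi
done
rm -rf "$demo_dir"
```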