[Sidrops] AD review of draft-ietf-sidrops-bgpsec-rollover

Warren Kumari <warren@kumari.net> Tue, 03 October 2017 16:45 UTC

From: Warren Kumari <warren@kumari.net>
Date: Tue, 03 Oct 2017 09:44:28 -0700
Message-ID: <CAHw9_iKACx39CX0N5sfaGnH8gfG0CNWSBOwSb+f1vVtpNR2U9w@mail.gmail.com>
To: draft-ietf-sidrops-bgpsec-rollover@ietf.org, sidrops@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/ZLqMfJyAztauVeJmcQkcYerMgRM>

Hello,

Thank you to the editors and WG for your efforts on
this document; it's a well-written and easy-to-understand
draft.  I do have a few comments that I’d like addressed
before I start IETF LC — addressing these now will avoid
issues later in the process.


Questions:
1: Section 2.  Introduction
"This document provides general recommendations for that process.
Certificate Practice Statements (CPS) documents MAY reference these
recommendations."

I do not understand the use of a 2119 MAY here -- can it be made
lowercase instead? I really don't understand what it is trying to
accomplish.

2: 3.1.  A proposed process for BGPsec router key rollover
"If there is no staging period, routing information may be lost."
I do not have any better text to suggest, but I don't really think
that routing information gets "lost" - when the session is fixed, the
information still gets through -- perhaps "routing may be disrupted"?


My comments are mostly editorial nits.
1: There are some IDNITs -- a number of the drafts are now RFCs:
== Outdated reference: draft-ietf-sidr-bgpsec-ops has been published as RFC
     8207

== Outdated reference: draft-ietf-sidr-bgpsec-protocol has been published
     as RFC 8205

== Outdated reference: draft-ietf-sidr-rpki-rtr-rfc6810-bis has been
     published as RFC 8210

2: Section 3.  Key rollover in BGPsec
   "An BGPsec router certificate SHOULD be replaced ..."
s/An/A/

3: Section 3.  Key rollover in BGPsec
"Protection against withdrawel supporession and replay attacks"
 -- typos in "withdrawel" and "supporession"

4: Section 3.1.  A proposed process for BGPsec router key rollover
"However, If an administrator"
s/If/if/

5: Section 6.  Security Considerations
"When certificates containing a new public key are provisioning ahead"
s/provisioning/provisioned/

Please let me know once these are addressed, so I can start LC.

Thanks again,
W


-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf