[Sidrops] Orie Steele's No Objection on draft-ietf-sidrops-cms-signing-time-06: (with COMMENT)

Orie Steele via Datatracker <noreply@ietf.org> Mon, 08 April 2024 20:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/e5aRgDj8s1Mt_XUhbzWji2W3gGQ>

Orie Steele has entered the following ballot position for
draft-ietf-sidrops-cms-signing-time-06: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-cms-signing-time/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Orie Steele, ART AD, comments for draft-ietf-sidrops-cms-signing-time-06
CC @OR13

https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-sidrops-cms-signing-time-06.txt&submitcheck=True

## Comments

```
129        Publishers SHOULD ensure that the last modification timestamp of the
130        file remains unchanged as well.
```

Why not MUST? What happens if they do not?

```
156        In order to reduce the burden of the rsync synchronization (following
157        an RRDP failure), Publishers and RPs SHOULD adhere to the following
158        guidelines.
```

Why not MUST? Perhaps this sentence is not needed.

```
162        When serializing RPKI Signed Objects to a filesystem hierarchy for
163        publication via rsync, the mod-time of the file containing the Signed
164        Object SHOULD be set to the value of the CMS signing-time attribute
165        contained within the Signed Object.
```

Why not MUST? What happens if the mod-time is set to something else?
Does this guidance also apply to publishers that support RRDP in addition to
rsync?

```
169        When serializing RPKI Signed Objects retrieved via RRDP to a
170        filesystem hierarchy, the mod-time of the file containing the Signed
171        Object SHOULD be set to the value of the CMS signing-time attribute
172        contained within the Signed Object.
```

Why not MUST?

The amount of redundancy between this section and the previous section is
confusing. I would assume publishing and consuming would both need guidance on
CMS signing-time, regardless of whether rsync or RRDP was used.
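
An added example, not part of this ballot message or of the draft, of the guidance quoted above: a publisher stamping a file's mod-time from the CMS signing-time attribute, and an RP checking that the on-disk mod-time and the signing-time agree. The small DER parser handles only the signing-time Attribute itself (SEQUENCE of OID and SET of one time value); the sample attribute bytes and the placeholder file contents are constructed here.

```python
import os
import tempfile
from datetime import datetime, timezone

# DER of OID 1.2.840.113549.1.9.5, id-signingTime (RFC 5652, section 11.3)
SIGNING_TIME_OID = bytes.fromhex("2a864886f70d010905")

def _tlv(buf, pos):
    """Read one DER TLV at pos -> (tag, value, next_pos); short-form length only (enough here)."""
    tag, length = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def signing_time_from_attribute(attr_der):
    """Parse a DER Attribute: SEQUENCE { OID, SET { UTCTime | GeneralizedTime } }."""
    tag, seq, _ = _tlv(attr_der, 0)
    tag2, oid, pos = _tlv(seq, 0)
    tag3, values, _ = _tlv(seq, pos)
    if (tag, tag2, tag3) != (0x30, 0x06, 0x31) or oid != SIGNING_TIME_OID:
        raise ValueError("not a DER signing-time Attribute")
    ttag, t, _ = _tlv(values, 0)
    text = t.decode("ascii")
    if ttag == 0x17:  # UTCTime YYMMDDhhmmssZ (RFC 5652 requires seconds and Z)
        return datetime.strptime(text, "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    if ttag == 0x18:  # GeneralizedTime YYYYMMDDhhmmssZ
        return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    raise ValueError("unexpected time tag %#x" % ttag)

def apply_signing_time(path, attr_der):
    """Publisher side: set the file's mod-time to the CMS signing-time."""
    ts = signing_time_from_attribute(attr_der).timestamp()
    os.utime(path, (ts, ts))
    return ts

def mtime_matches_signing_time(path, attr_der):
    """RP side: does the on-disk mod-time equal the CMS signing-time?"""
    expected = signing_time_from_attribute(attr_der).timestamp()
    return int(os.stat(path).st_mtime) == int(expected)

# Constructed sample attribute: signing-time = UTCTime 240408203626Z
SAMPLE_ATTR = (bytes.fromhex("301c0609") + SIGNING_TIME_OID
               + bytes.fromhex("310f170d") + b"240408203626Z")

def demo():  # stamp a placeholder file, verify it, clean up; True on success
    with tempfile.NamedTemporaryFile(delete=False, suffix=".roa") as f:
        f.write(b"placeholder, not a real RPKI Signed Object")
        path = f.name
    apply_signing_time(path, SAMPLE_ATTR)
    ok = mtime_matches_signing_time(path, SAMPLE_ATTR)
    os.unlink(path)
    return ok
```

A mismatch from `mtime_matches_signing_time` is exactly the case the draft's SHOULD leaves open: the object still verifies, but rsync will re-transfer it after an RRDP fallback.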