[Sidrops] AD Review of: draft-ietf-sidrops-rpki-has-no-identity
Warren Kumari <warren@kumari.net> Thu, 03 March 2022 14:38 UTC
From: Warren Kumari <warren@kumari.net>
Date: Thu, 3 Mar 2022 09:37:41 -0500
Message-ID: <CAHw9_i+Ti0ghT7C+UMVSR2Xjc2ynPxoe3Q4wUDFCaci88-TRaA@mail.gmail.com>
To: SIDR Operations WG <sidrops@ietf.org>,
draft-ietf-sidrops-rpki-has-no-identity@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/fXhkAeuwbVWnHAaTFCIaj0oKNno>
Subject: [Sidrops] AD Review of: draft-ietf-sidrops-rpki-has-no-identity

Hi there authors and WG,

Firstly, thank you very much for this document, and apologies it has taken a while for me to review it. I must admit that I *wanted* to / felt I should be able to use the RPKI to do things like sign LOAs and similar "the RIR says I'm the 'owner', seem mah cert!" type things, and so, even though the document makes me sad, it's useful and needed.

I do have a number of editorial comments / nits. Addressing these before IETF LC and IESG review should make progressing the document easier and smoother, as well as being politer to the RFC Editor.

Please let me know LOUDLY once you'd had a chance to address them, and I'll start IETF LC.

Issues / comments:

Sec 1:
O: "Though since, it has grown to include..."
C: I don't have suggested text, but "Though since" is difficult to parse -- it's not clear from the prior sentence what the "though" or "since" refer to. Perhaps "Since publication of [RFC6480], the term has grown to include ..."? Actually, I'm not really sure what the sentence was trying to say though, so I have no idea if my suggestion works...

Nits:

Sec 1:
O: "In security terms the phrase "Public Key"... "
P: "In security terms, the phrase "Public Key" ..."
C: Comma.

O: "But in reality, the RPKI certificate is only an authorization to speak for for the explicitly identified INRs;"
P: "But in reality, the RPKI certificate is only an authorization to speak for the explicitly identified INRs;"
C: Repeated 'for'

Sec 2:
O: "Registries such as the Regional Internet Resistries (RIRs)"
P: "Registries such as the Regional Internet Registries (RIRs)"
C: Typo

O: "That the RPKI does not authenticate real world identity is a feature not a bug."
P: "That the RPKI does not authenticate real world identity is a feature, not a bug"
C: Comma

O: "Note that, if there is sufficient external, i.e. non-RPKI, verifcation of authority"
P: "Note that, if there is sufficient external, i.e. non-RPKI, verification of authority"
C: Typo

Sec 4:
O: "When a document is signed with the private key associated with a RPKI certificate"
P: "When a document is signed with the private key associated with a RPKI certificate"
C: s/a/an/ - grammar

Misc:
s/real world/real-world/g -- I think?

----

Again, I know that many of these are nits, but they'll have to be addressed at some point, and before everyone reads it and gets riled up is best :-)

W

--
Perhaps they really do strive for incomprehensibility in their specs. After all, when the liturgy was in Latin, the laity knew their place.
-- Michael Padlipsky