Re: [Sidrops] AD Review of draft-ietf-sidrops-signed-tal - "RPKI Signed Object for Trust Anchor Key"
Warren Kumari <warren@kumari.net> Fri, 12 April 2024 15:50 UTC
Return-Path: <warren@kumari.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5B32C14F71A for <sidrops@ietfa.amsl.com>; Fri, 12 Apr 2024 08:50:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pRb1EuspG7-j for <sidrops@ietfa.amsl.com>; Fri, 12 Apr 2024 08:50:13 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FBF3C151710 for <sidrops@ietf.org>; Fri, 12 Apr 2024 08:49:56 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-56e37503115so911945a12.1 for <sidrops@ietf.org>; Fri, 12 Apr 2024 08:49:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; t=1712936994; x=1713541794; darn=ietf.org; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=lECOGqjpPBq6hPsoTzkxTHrLcbEGp7ql23fNZh873u0=; b=CSLkSiVXBFw733ZlRFlhewG+sCLryPKZL5TUYmoytz61aHc2LRl2cTFVvBpsJtlSKO e2vjXKes6coJBvR1fFEKdg2le9GmOTGLyAQUoC8oCvmUFiUIeXWLuf54ndEAGHGiuYl0 634o4uwHTbdkB/EgPfBvYUNcajjuVVb5LF7hsbyg9hTygTB7WSgMgGmYEpHT/akXJ4Kx 8lDogOSPxY08VS+Rgq8X3d++26JLX5NkhpkytowK/17DBjgRu3slPASnPIo4pN1FgsNZ yMO5ZNif/s5UlIq+MrnGjapk/WdG+MT/WftKiSV0Nanz4UNrZbe6ZjVNv/nTGa/K3wO4 Nq9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712936994; x=1713541794; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=lECOGqjpPBq6hPsoTzkxTHrLcbEGp7ql23fNZh873u0=; b=e+Gb4e9oGVidVxJaGjebqGVUWmtz9kanAN21ku9Jh9LO9AoFiqgxppHiVxg2cdnw19 Zc4K74LbrqQwvkYTbgr2UOenC4QVb4D0fUVYE0Im0wk2IZoBSHy+Pq5DlSpSFZ3+Q6Gz xxpfC5F9CIR3P4XnXFYI0P2PB2UFnwa6n0fFsejLJJ4XDbN+E7QOekXXXH+27vpjPYq8 u2dNrUhUe0iU0GWjgpKkgTu/4Wlj6fXlA9Lc5+og3XOHQfP7wPe0KKW9VmpKojjJ7TXu 99vUC/MifcrvM9psF5v5DVHemus+NrrIKS6Wjx8HAhU3iD35StTd1rrXYBieXOtdT9Km BUYQ==
X-Forwarded-Encrypted: i=1; AJvYcCXWsr6ReUEEPVKq+relxWeXJRyAiweN15YcUPJG1EAosS4CdK4cUS955QlBWYNbAdXhPZo5aL2PCbk2+d1tOSHp
X-Gm-Message-State: AOJu0YwNKLlTnuHuP+WcYi4VF8vFJuHpGsr87ABfUiGrH4cBcMi1V82C B/LL2y/m/z56lIgysh1643KLcYcbQI7AUTRQNQJgpr7qeWkam68J9wDhcSzwGsBaH3eocq8Wpw4 bWsV8lzb/3Km84t6KEDhjMPIdp43S222/nBBDOw==
X-Google-Smtp-Source: AGHT+IFcUWCHICr28mKod0CdlMZroV7vwU9OLjfzdfDc2dFmeuYVQ3MQu23lvqj+dvQYS7hw1pZvaceoFTDmu5VtgQQ=
X-Received: by 2002:a50:9510:0:b0:566:4aa9:7143 with SMTP id u16-20020a509510000000b005664aa97143mr1867407eda.14.1712936994207; Fri, 12 Apr 2024 08:49:54 -0700 (PDT)
Received: from 649336022844 named unknown by gmailapi.google.com with HTTPREST; Fri, 12 Apr 2024 11:49:53 -0400
Mime-Version: 1.0
X-Superhuman-ID: luwug27p.654a3a76-59d9-4b8b-8965-97399ec9d9c2
From: Warren Kumari <warren@kumari.net>
X-Mailer: Superhuman Desktop (2024-04-11T23:22:15Z)
X-Superhuman-Draft-ID: draft00b390cce1dbf46d
X-Superhuman-Thread-ID: draft00bf1581a9fbac4c
Date: Fri, 12 Apr 2024 11:49:53 -0400
Message-ID: <CAHw9_i+eYoffWeS2W_exKD6hSinLL8uctv01CiWDKyH+6ZHJTw@mail.gmail.com>
To: Tom Harrison <tomh@apnic.net>
Cc: draft-ietf-sidrops-signed-tal@ietf.org, sidrops@ietf.org
Content-Type: multipart/alternative; boundary="0000000000001027430615e83976"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/jduLtL7N_y0HkgOjiDBwR6TWEcM>
Subject: Re: [Sidrops] AD Review of draft-ietf-sidrops-signed-tal - "RPKI Signed Object for Trust Anchor Key"
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2024 15:50:18 -0000
[ - sidrop, +sidrops ] Hi Tom, thank you for addressing my feedback; I'm requesting IETF LC. W On Tue, Apr 09, 2024 at 11:15 PM, Tom Harrison <tomh@apnic.net> wrote: > Hi Warren, > > On Fri, Apr 05, 2024 at 11:45:33AM -0700, Warren Kumari wrote: > > Thank you for this document, I found it clear, useful, and an easy read. > > I do have a few comments/nits; addressing these now should help the IETF > LC and IESG evaluation go more smoothly. > > Thanks for these comments, they are much appreciated. The new version has > been uploaded, and the diff is available at > https://author-tools.ietf.org/ > iddiff?url1=draft-ietf-sidrops-signed-tal-14&url2=draft-ietf-sidrops-signed-tal-15&difftype=--html > if you want to review. Except where noted below, your comments were > incorporated as-is. > > 3: "If a TA uses multiple publication servers, then it is by definition > inevitable that the content of different keys will be out of sync at > times." I don't really think that it is "by definition" inevitable. Yes, > they will sometimes be out of sync, but I don't think that this is "by > definition". > > Previous text: > > If a TA uses multiple publication servers, then it is by definition > inevitable that the content of different keys will be out of sync at times. > In such cases, the TA SHOULD ensure that the duration of these moments are > limited to the shortest possible time. > > Updated text: > > If a TA uses multiple publication servers, then the content for different > keys will be out of sync at times. The TA SHOULD ensure that the duration > of these moments is limited to the shortest possible time. > > 3: "as per normal" is an idiom which not everyone understands. Perhaps "it > it normally would" or something like that? This isn't a major issue, but… > > Updated to be "as it would in the absence of a TAK object". > > 4: I personally found: > "This OID MUST appear both within the eContentType in the encapContentInfo > object, as well as the content-type signed attribute in the signerInfo > object (see [RFC6488])." to be clumsy, and think that: > "This OID MUST appear in both the eContentType in the encapContentInfo > objectinsert and in the content-type signed attribute in the signerInfo > object (see [RFC6488])." > (As with #3, this is just, like, my opinion, man…) > > Updated to: > > This OID MUST appear in both the eContentType in the encapContentInfo > object and the content-type signed attribute in the signerInfo object (see > [RFC6488]). > > 5: "This structure defines a TA key, similarly to [RFC8630]." Suggest: > "This structure defines a TA key, similar to [RFC8630]." > > Changed 'similarly to' to 'similar to that from'. > > Cheers > -Tom >
- Re: [Sidrops] AD Review of draft-ietf-sidrops-sig… Warren Kumari