Christopher Inacio has entered the following ballot position for draft-ietf-grow-nrtm-v4-09: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-grow-nrtm-v4/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Watson L. for the SEC review. Thanks for the effort of creating this draft and attempting to fix an insecure data distribution problem. * As a general comment, I'm concerned about the lack of specificity on the JWS cryptography. IANA has a lot of registered options for JSON Web Signatures, algorithms, compression, etc. Every client implementation has build all of those options in order to handle anything the server creates? Is there a mandatory to implement sub-set of those? * Being more specific about the Key, key lifetime, etc. would be useful here; that seems a not well defined * As a general comment, I'm concerned about the lack of specificity on the JWS cryptography. IANA has a lot of registered options for JSON Web Signatures, algorithms, compression, etc. Every client implementation has build all of those options in order to handle anything the server creates? Is there a mandatory to implement sub-set of those? * I think in the terminology it would be helpful to be very clear that `database` in this context is the collection of IRR snapshot and delta files; it does not refer to any type of RDBMS or similar system. (That is fairly clear already, but I don’t think it would hurt to be extra explicit.) * > 260 Version An incremental number that identifies the IRR Database at a > 261 particular point in time. I think this can be more clear, maybe something like (I’m sure you can do better, but): `Version - A monotonically increasing number that identifies a particular IRR Database data version, scoped by a Session Identifier, at a particular point in time` `Session Identifier - A generated identifier which defines a particular instance of a copy of the IRR database upon which Snapshot Files, Delta Files, and Notifications are associated` _______________________________________________ GROW mailing list -- [email protected] To unsubscribe send an email to [email protected]
