On Wed, Apr 15, 2026 at 7:41 AM Sasha Romijn <[email protected]> wrote:
> Hello Christopher,
>
> Thank you for the review of our draft. Responses inline:
>
> On 15 Apr 2026, at 07:09, Christopher Inacio via Datatracker <[email protected]> wrote:
> >
> > * As a general comment, I'm concerned about the lack of specificity on the JWS
> > cryptography. IANA has a lot of registered options for JSON Web Signatures,
> > algorithms, compression, etc. Every client implementation has to build all of
> > those options in order to handle anything the server creates? Is there a
> > mandatory to implement sub-set of those?
>
> This section was also mentioned in other reviews, and we have refined it in:
>
> https://github.com/mxsasha/nrtmv4/commit/a4b1105e48247ce6a64bcbc2b8ecd570b0810e55
>
> We now require ES256, with other options allowed within certain
> constraints, while the responsibility is on the server operator to ensure
> clients actually support this.

[ci] thanks for the updates, I think it makes the document more clear.

> > * Being more specific about the Key, key lifetime, etc. would be useful here;
> > that seems a not well defined
>
> We feel this is reasonably addressed in 9.6. If there are still things
> missing, could you elaborate?

[ci] some part of me would like a stronger basis for the lifetime of the key relative to the amount of data and strength of the crypto used. I think that would be extremely hard to do here; so I admit that I might not be entirely reasonable on this. It's not blocking and I won't lose any sleep worrying that you haven't determined empirically that 1-year keys are strong enough. That's just the basis of my comment.

> > * I think in the terminology it would be helpful to be very clear that
> > `database` in this context is the collection of IRR snapshot and delta files;
> > it does not refer to any type of RDBMS or similar system. (That is fairly
> > clear already, but I don’t think it would hurt to be extra explicit.)
>
> We've clarified this in the terminology.

[ci] looks good to me.

> > * > 260 Version An incremental number that identifies the IRR Database at a
> > > 261 particular point in time.
> > I think this can be more clear, maybe something like (I’m sure you can do
> > better, but): `Version - A monotonically increasing number that identifies a
> > particular IRR Database data version, scoped by a Session Identifier, at a
> > particular point in time` `Session Identifier - A generated identifier which
> > defines a particular instance of a copy of the IRR database upon which
> > Snapshot Files, Delta Files, and Notifications are associated`
>
> We have also clarified this in the terminology.
>
> Sasha

I'm happy with the changes.

thanks

--
Chris Inacio
Carnegie Mellon University
_______________________________________________
GROW mailing list -- [email protected]
To unsubscribe send an email to [email protected]
