Roman Danyliw has entered the following ballot position for draft-ietf-opsawg-finding-geofeeds-12: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-opsawg-finding-geofeeds/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- (Updated ballot) Thank you to Kyle Rose for the SECDIR review. Thank you for addressing my DISCUSS and various COMMENTs. ====== ** Section 4. Per “the RPKI certificate covering the inetnum: object's address range is included in the [RFC5652] CMS SignedData certificates field”, can a more specific statement be made highlight which certificate field in providing the IP information. Propose: OLD ... the RPKI certificate covering the inetnum: object's address range is included in the [RFC5652] CMS SignedData certificates field NEW ... the RPKI certificate covering the inetnum: object's address range is included in the IP Address Delegation certificate extension [RFC3779] field. See https://mailarchive.ietf.org/arch/msg/opsawg/zYwS9OHWhzkXrfXVUu4ZG16-2GI/ for follow-up discussion on this. ** Section 4. Per the format of the signature appended to the geofeed file: # RPKI Signature: 192.0.2.0/24 # MIIGlwYJKoZIhvcNAQcCoIIGiDCCBoQCAQMxDTALBglghkgBZQMEAgEwDQYLKoZ # IhvcNAQkQAS+gggSxMIIErTCCA5WgAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu ... # imwYkXpiMxw44EZqDjl36MiWsRDLdgoijBBcGbibwyAfGeR46k5raZCGvxG+4xa # O8PDTxTfIYwAnBjRBKAqAZ7yX5xHfm58jUXsZJ7Ileq1S7G6Kk= # End Signature: 192.0.2.0/24 -- The does the label “192.0.2.0/24” relate to the rest of the geofeed file and the inetnum: value? ** Appendix A. The end-user certificate has a sbgp-ipAddBlock field which is “IPv4: inherit IPv6: inherit”. However, the parent CA is encoding an IPv4 only range so it seems misplaced that there is a IPv6 reference there. See https://mailarchive.ietf.org/arch/msg/opsawg/zYwS9OHWhzkXrfXVUu4ZG16-2GI/ for follow-up discussion on this. _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg