[OPSAWG] Roman Danyliw's No Objection on draft-ietf-opsawg-finding-geofeeds-12: (with COMMENT)

Roman Danyliw via Datatracker Thu, 20 May 2021 06:53:00 -0700

Roman Danyliw has entered the following ballot position for
draft-ietf-opsawg-finding-geofeeds-12: No Objection


When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-finding-geofeeds/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

(Updated ballot)
Thank you to Kyle Rose for the SECDIR review.

Thank you for addressing my DISCUSS and various COMMENTs.

======
** Section  4. Per “the RPKI certificate covering the inetnum: object's address
range is included in the [RFC5652] CMS SignedData certificates field”, can a
more specific statement be made highlight which certificate field in providing
the IP information.  Propose:

OLD
... the RPKI certificate covering the inetnum: object's address range is
included in the [RFC5652] CMS SignedData certificates field

NEW
... the RPKI certificate covering the inetnum: object's address range is
included in the IP Address Delegation certificate extension [RFC3779] field.

See https://mailarchive.ietf.org/arch/msg/opsawg/zYwS9OHWhzkXrfXVUu4ZG16-2GI/
for follow-up discussion on this.

** Section 4.  Per the format of the signature appended to the geofeed file:
       # RPKI Signature: 192.0.2.0/24
       # MIIGlwYJKoZIhvcNAQcCoIIGiDCCBoQCAQMxDTALBglghkgBZQMEAgEwDQYLKoZ
       # IhvcNAQkQAS+gggSxMIIErTCCA5WgAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu
       ...
       # imwYkXpiMxw44EZqDjl36MiWsRDLdgoijBBcGbibwyAfGeR46k5raZCGvxG+4xa
       # O8PDTxTfIYwAnBjRBKAqAZ7yX5xHfm58jUXsZJ7Ileq1S7G6Kk=
       # End Signature: 192.0.2.0/24

-- The does the label “192.0.2.0/24” relate to the rest of the geofeed file and
the inetnum: value?

** Appendix A.  The end-user certificate has a sbgp-ipAddBlock field which is
“IPv4: inherit IPv6: inherit”.  However, the parent CA is encoding an IPv4 only
range so it seems misplaced that there is a IPv6 reference there.

See https://mailarchive.ietf.org/arch/msg/opsawg/zYwS9OHWhzkXrfXVUu4ZG16-2GI/
for follow-up discussion on this.



_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

[OPSAWG] Roman Danyliw's No Objection on draft-ietf-opsawg-finding-geofeeds-12: (with COMMENT)

Reply via email to