Hi Deb! Thanks for your comments, see inline for responses.
Cheers, Oliver On 12/2/25 11:48 PM, Deb Cooley via Datatracker wrote:
Deb Cooley has entered the following ballot position for draft-ietf-opsawg-prefix-lengths-08: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-opsawg-prefix-lengths/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Courtesy of Sean Turner while looking at the CMS registry request: "Did a quick look at this and have a questions about why there’s no ASN.1 module that formally defines the content type? The knock on effects for adding a module that come to mind would be: - another section for the ASN.1 module - another IANA request for SMIME ASN.1 Module Arc - normative refs to X.680, X.690, & RFC 5911 (imports CONTENT-TYPE)" ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks to Valery Smyslov for their secdir review. This is well outside my normal area of expertise, however I had a couple of comments. It isn't clear to me that there are no answers (which is why I didn't discuss them). Section 6: So what is the chance that this is ever used? And if used, what is the chance that it will be done properly? [according to Section 9, para 4, 'not happening anytime soon'.]
The chances will likely be similar to the same technique being used in RFC 9632. We want to include this in the draft to make the option is strongly authenticated data available to prefix length data publishers.
Section 9: So the choices are implement this with weak or no authentication, or with complex, stronger authentication (where the struggle will be doing it securely/properly)?
Honestly, yes, that's what it boils down to in the end.
_______________________________________________ OPSAWG mailing list -- [email protected] To unsubscribe send an email to [email protected]
