Re: [Gen-art] Gen-ART review of draft-ietf-sidr-bgpsec-threats-06

2013-10-02 Thread Stephen Kent
David, Steve, I think the modified introduction text suffices to connect the PATHSEC and BGPsec terms, but I don't think that referring to the SIDR WG charter for the PATHSEC goals is reasonable -- an RFC is an archive document, whereas a WG charter is not. The revised intro text now para

Re: [Gen-art] Gen-ART review of draft-ietf-sidr-bgpsec-threats-06

2013-10-01 Thread Stephen Kent
David, Since this doc logically precedes the BGPsec design, I still think it's appropriate to use PATHSEC here. But, we can add a sentence to connect the terms. I propose this modified text for the introduction: *This document describes the security context in which PATHSEC is intended to op

Re: [Gen-art] Gen-ART review of draft-ietf-sidr-bgpsec-threats-06

2013-09-30 Thread Stephen Kent
David, Major issue: This draft contains more than just a threat model. agreed. It also contains a high level security analysis of the security architecture/approach that applies the RPKI to secure use of BGP. yes. we didn't create a threat model doc for the RPKI, and this seemed like a goo

Re: [Gen-art] [karp] Gen-ART review of draft-ietf-karp-crypto-key-table-08

2013-08-15 Thread Stephen Kent
David, I agree with Sam here. The key table is analogous to the SPD in 4301, but not the PAD. Another doc being developed in the KARP WG does have a "Routing Authentication Policy Database" (RAPD) that incorporates aspects of the PAD from 4301, as well as some SPD fields. Steve

Re: [Gen-art] Gen-ART review of draft-ietf-sidr-algorithm-agility-09

2012-12-31 Thread Stephen Kent
David, The draft is generally well-written and clear, but has an unfortunate nomenclature change problem that is the primary open issue[*]. Major issues: [*] Section 4.7 changes the meaning of the algorithm suite names (A, B and C) from prior sections. I have deleted all references to Alg Su

Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-dnssec-dps-framework-08

2012-07-18 Thread Stephen Kent
Joe You're right, I did miss your point, quite thoroughly :-) I am guessing that the answer is that there's no corresponding facility in DNSSEC for a policy identifier to be published with a DNSKEY RR, but I say that largely ignorant of X.509 and attendant CA policy and hence perhaps am st

Re: [Gen-art] Gen-ART Review of draft-ietf-pkix-3281update-05

2009-05-19 Thread Stephen Kent
At 3:00 PM -0400 5/19/09, McCann Peter-A001034 wrote: I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html ). P