Re: [OPSAWG] Paul Wouters' Discuss on draft-ietf-opsawg-9092-update-10: (with DISCUSS and COMMENT)

2024-02-14 Thread Russ Housley
Randy: The consumer of geofeed data SHOULD fetch and process the data themselves. Importing datasets produced and/or processed by a third-party places significant trust in the third-party. >>> >>> this is in sec cons already. you want it moved up or duplicated? i >>> kinda

Re: [OPSAWG] Paul Wouters' Discuss on draft-ietf-opsawg-9092-update-10: (with DISCUSS and COMMENT)

2024-02-14 Thread Randy Bush
>>> The consumer of geofeed data SHOULD fetch and process the data >>> themselves. Importing datasets produced and/or processed by a >>> third-party places significant trust in the third-party. >> >> this is in sec cons already. you want it moved up or duplicated? i >> kinda like it

Re: [OPSAWG] Paul Wouters' Discuss on draft-ietf-opsawg-9092-update-10: (with DISCUSS and COMMENT)

2024-02-14 Thread Russ Housley
Randy: >> >> Suggested edits: >> >> The address range of the signing certificate MUST cover all prefixes >> in the signed geofeed file. If not, the authenticator is invalid. >> >> The signing certificate MUST NOT include the Autonomous System >> Identifier Delegation certificate

Re: [OPSAWG] Paul Wouters' Discuss on draft-ietf-opsawg-9092-update-10: (with DISCUSS and COMMENT)

2024-02-14 Thread Randy Bush
> Suggested edits: > > The address range of the signing certificate MUST cover all prefixes > in the signed geofeed file. If not, the authenticator is invalid. > > The signing certificate MUST NOT include the Autonomous System > Identifier Delegation certificate extension [RFC3779].

Re: [OPSAWG] Paul Wouters' Discuss on draft-ietf-opsawg-9092-update-10: (with DISCUSS and COMMENT)

2024-02-14 Thread Russ Housley
Paul: I am writing to address #3 and #4. Thanks for your careful review. > #3 Signature and white space requirements are a bit troubling > > Trailing blank lines MUST NOT appear at the end of the file. > > That's rather strong. Should the file be rejected if a blank line appears > at

Re: [OPSAWG] Paul Wouters' Discuss on draft-ietf-opsawg-9092-update-10: (with DISCUSS and COMMENT)

2024-02-13 Thread Randy Bush
thanks for review, paul > #1 document track > > The document is Standards Track, and so are the docs it > Obsoletes/Updates ([RFC2725] and [RFC4012]), but the document also > claims "change control effectively lies in the operator community". > Normally, that would mean the IETF publishes this

Re: [OPSAWG] Paul Wouters' Discuss on draft-ietf-opsawg-9092-update-10: (with DISCUSS and COMMENT)

2024-02-13 Thread Job Snijders
Dear Paul, I implemented support for validating Geofeed signatures in OpenBSD's RPKI implementation. Section 3 and 4 of your DISCUSS message relate to this implementation work. My implementation here is based on draft-ietf-opsawg-9092-update:

[OPSAWG] Paul Wouters' Discuss on draft-ietf-opsawg-9092-update-10: (with DISCUSS and COMMENT)

2024-02-13 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-opsawg-9092-update-10: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to