Randy:
The consumer of geofeed data SHOULD fetch and process the data
themselves. Importing datasets produced and/or processed by a third-
party places significant trust in the third-party.
>>>
>>> this is in sec cons already. you want it moved up or duplicated? i
>>> kinda
>>> The consumer of geofeed data SHOULD fetch and process the data
>>> themselves. Importing datasets produced and/or processed by a third-
>>> party places significant trust in the third-party.
>>
>> this is in sec cons already. you want it moved up or duplicated? i
>> kinda like it
Randy:
>>
>> Suggested edits:
>>
>> The address range of the signing certificate MUST cover all prefixes
>> in the signed geofeed file. If not, the authenticator is invalid.
>>
>> The signing certificate MUST NOT include the Autonomous System
>> Identifier Delegation certificate
> Suggested edits:
>
>The address range of the signing certificate MUST cover all prefixes
>in the signed geofeed file. If not, the authenticator is invalid.
>
>The signing certificate MUST NOT include the Autonomous System
>Identifier Delegation certificate extension [RFC3779].
Paul:
I am writing to address #3 and #4.
Thanks for your careful review.
> #3 Signature and white space requirements are a bit troubling
>
>Trailing blank lines MUST NOT appear at the end of the file.
>
> That's rather strong. Should the file be rejected if a blanc line appears
> at
thanks for review, paul
> #1 document track
>
> The document is Standards Track, and so are the docs is
> Obsoletes/Updates ([RFC2725] and [RFC4012]), but the document also
> claims "change control effectively lies in the operator community".
> Normally, that would mean the IETF publishes this
Dear Paul,
I implemented support for validating Geofeed signatures in OpenBSD's
RPKI implementation. Section 3 and 4 of your DISCUSS message relate to
this implementation work.
My implementation here is based on draft-ietf-opsawg-9092-update:
Paul Wouters has entered the following ballot position for
draft-ietf-opsawg-9092-update-10: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to