At 8:52 PM -0700 10/28/09, Terry Manderson wrote:
> Oppose.
>
> Although opposition is based on a small number of nits:
>
> * Section 1.7, page 11. "RPKI signed Object" ... "declared to be such by a
> standards track RFC issued by the SIDR WG"
>
> Over time, the SIDR WG may not exist, or the name could change, or valid
> RPKI objects come from other WGs. Perhaps 'issued by the IETF'

Good point re the longevity of SIDR, but we need to be careful to not allow arbitrary definition of such objects.

> * Section 3.1.1 Types of names.
>
> I think the section should make it clear that names for the top level are
> meaningless as covered in sidr-arch. It touches briefly on this in 3.1.3
> "(and Issuer)" but appears in my reading to be ambiguous.
>
> Perhaps " Names for IANA and RIRs will be meaningless directory
> distinguished ....."

We can add some more text to make sure this is unambiguous.

> * Section 4.6.1-3 I'd like it made clear that renewal be only to the same
> subscriber, e.g. the subscriber before and after renewal is the same. At
> present it says that only the valid subscriber may request renewal, but
> allows a new private key. I think there is too much wriggle room in that for
> a subscriber to renew with someone else's private key.

The term "renewal" in the PKI space always means that the same subject is represented. The text in 3.2.1 mandates use of a "proof of possession" mechanism for cert issuance, so it cannot be someone else's private key. We can say the same thing for renewal to ensure that this is not ambiguous.

> * Sections 9.12.1, 9.12.2, 9.12.3. If the CP is administered by the IESG
> (section 1.6.1) shouldn't that also be reflected here?

Yes, those sections should have been updated as well. That was an oversight.

Steve
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
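The renewal exchange above (the Section 4.6.1-3 comment and the reply about proof of possession) comes down to two checks a CA would apply to a renewal request: the requester must demonstrate possession of the private key matching the public key in the request, and the renewed certificate must name the same subject as the current one. The Go program below is an added example, not text from the draft or from either correspondent. It assumes, for the example only, that renewal requests arrive as PKCS#10 CSRs; the function names (NewCSR, VerifyRenewal, SwapPublicKey, RenewalScenarios) and the subject names are constructed. It shows the proof-of-possession check rejecting a request whose carried public key is not the one the signature was made with, and the same-subject check rejecting a renewal under a different name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
)

var ErrProofOfPossession = errors.New("request signature does not verify under the key it carries")
var ErrSubjectMismatch = errors.New("renewal names a subject other than the current certificate's")

// NewCSR builds a DER-encoded PKCS#10 request for subject that carries the
// public half of key and is signed with its private half.
func NewCSR(subject string, key *ecdsa.PrivateKey) ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: subject}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// VerifyRenewal is a hypothetical CA-side check with the two rules the thread
// wants explicit for renewal: proof of possession (the signature verifies under
// the key the request carries) and same subject as the certificate being renewed.
func VerifyRenewal(csrDER []byte, currentSubject string) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return fmt.Errorf("parse request: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("%w: %v", ErrProofOfPossession, err)
	}
	if csr.Subject.CommonName != currentSubject {
		return fmt.Errorf("%w: got %q, want %q", ErrSubjectMismatch, csr.Subject.CommonName, currentSubject)
	}
	return nil
}

// Minimal PKCS#10 shape for SwapPublicKey; all but the SubjectPublicKeyInfo stays opaque DER.
type tbsRequest struct {
	Version    int
	Subject    asn1.RawValue
	PublicKey  asn1.RawValue
	Attributes asn1.RawValue
}
type request struct {
	TBS       tbsRequest
	SigAlg    asn1.RawValue
	Signature asn1.RawValue
}

// SwapPublicKey is a constructed test helper: it copies csrDER with the
// SubjectPublicKeyInfo replaced by newPub and the original signature kept,
// i.e. a request that claims a key its signer does not hold.
func SwapPublicKey(csrDER []byte, newPub *ecdsa.PublicKey) ([]byte, error) {
	var r request
	if _, err := asn1.Unmarshal(csrDER, &r); err != nil {
		return nil, err
	}
	spki, err := x509.MarshalPKIXPublicKey(newPub)
	if err != nil {
		return nil, err
	}
	r.TBS.PublicKey = asn1.RawValue{FullBytes: spki}
	return asn1.Marshal(r)
}

// RenewalScenarios runs three constructed renewal requests through
// VerifyRenewal and returns each outcome.
func RenewalScenarios() (honest, wrongKey, wrongSubject error) {
	const subject = "example-subscriber" // constructed subject name
	subscriber, other := mustKey(), mustKey()
	// 1. The current subscriber renews under its own name with its own key.
	csr := must(NewCSR(subject, subscriber))
	honest = VerifyRenewal(csr, subject)
	// 2. Same subject and signer, but the request claims someone else's public key.
	wrongKey = VerifyRenewal(must(SwapPublicKey(csr, &other.PublicKey)), subject)
	// 3. Valid proof of possession, but for a subject other than the one being renewed.
	wrongSubject = VerifyRenewal(must(NewCSR("someone-else", other)), subject)
	return honest, wrongKey, wrongSubject
}

// must and mustKey abort the demonstration on setup failures (key generation, encoding).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func mustKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

func main() {
	honest, wrongKey, wrongSubject := RenewalScenarios()
	fmt.Println("honest renewal:   ", honest)
	fmt.Println("claims other key: ", wrongKey)
	fmt.Println("different subject:", wrongSubject)
}
```

Running it prints nil for the honest renewal and an error for each of the other two. The second scenario is the one proof of possession exists for: the request is well-formed and names the right subject, but the signature was made with a key other than the one the request carries, so a CA that only authenticated the requester without checking the signature against the carried key would certify a key the requester does not hold. The third scenario is what the "same subject" wording in 4.6.1-3 is meant to rule out.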
