
Re: Gen-ART LC review of draft-ietf-csi-send-cert

2010-05-30 23:22:36
Hi Roni,
  Thanks a lot for the review. Please find responses inline.

Roni Even wrote:
Comments:

The first two comments are about changes from RFC 3971; if they are intentional, it may be good to have a section on changes from RFC 3971 and list these specific changes, with backward interoperability issues if there are any.

   1. In section 4 second paragraph “SEND certificates MUST include the
      IP Resources extension for IPv6 Address …”. Section 6.3.1 of RFC
      3971 says “Router Authorization Certificates are X.509v3
      certificates, as defined in RFC 3280, and SHOULD contain at least
      one instance of the X.509 extension for IP addresses, as defined
      in RFC 3779.” So why is it a MUST here?


The csi wg explicitly made a decision to go with basing the SEND certificate profile on RPKI certificates [draft-ietf-sidr-res-certs] instead of coming up with a fresh profile based on RFC3971. This discrepancy is a result of that decision. I am not sure if there are any backward compatibility issues, since the SEND spec did not specify the procedures for validating certificates without an IP resources extension.

   2. The same paragraph has “Certified IPv6 address space SHOULD be
      expressed using either addressPrefix or addressesOrRange elements.”
      Section 6.3.1 in RFC 3971 says “The X.509 IP address extension MUST
      contain at least one addressesOrRanges element”; as for the
      addressPrefix, according to this section “The X.509 IP address
      extension MAY contain additional IPv6 subnet prefixes, expressed as
      either an addressPrefix or an addressRange.”

This is unintentional. I don't think the statement in question adds any value and can be safely removed. Is this ok?


   3. In section 7 there are TBA1, TBA2 and TBA3; who will assign values
      for these IDs?

The IDs have been allocated by the pkix wg. I have replaced the TBA values with the actual allocated values.


Nits:

   1. Section 5  has “an end user could local SEND deployment “ it looks
      like there is a missing word in this sentence

OK. Replaced with "an end user could perform local SEND deployment"

   2. In section 5 expand ULA.

OK.

Thanks
Suresh
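Comments 1 and 2 above turn on how RFC 3779 encodes certified IPv6 space (addressPrefix versus addressesOrRanges). As an added example that is not part of this thread or of the draft, the following decodes the two BIT STRING forms from already-extracted DER contents and applies the RFC 3971 "at least one element" check; the function names and the sample values are my own constructions.

```python
import ipaddress

FULL = (1 << 128) - 1  # all 128 IPv6 address bits set


def _bits_to_int(unused_bits, data):
    """Contents of an RFC 3779 IPAddress BIT STRING: DER stores the count of
    unused trailing bits first, then the significant bits left-aligned.
    Returns (value left-aligned in 128 bits, number of significant bits)."""
    nbits = 8 * len(data) - unused_bits
    value = int.from_bytes(data.ljust(16, b"\x00"), "big")
    value &= FULL ^ ((1 << (128 - nbits)) - 1)  # zero the unused bits
    return value, nbits


def prefix_from_bitstring(unused_bits, data):
    """addressPrefix: the significant bits are the prefix, their count its length."""
    value, plen = _bits_to_int(unused_bits, data)
    return ipaddress.IPv6Network((value, plen))


def range_from_bitstrings(min_unused, min_data, max_unused, max_data):
    """addressRange: min has trailing zero bits stripped, max has trailing
    one bits stripped, so the stripped bits of max are refilled with ones."""
    lo, _ = _bits_to_int(min_unused, min_data)
    hi, hi_bits = _bits_to_int(max_unused, max_data)
    hi |= (1 << (128 - hi_bits)) - 1
    return ipaddress.IPv6Address(lo), ipaddress.IPv6Address(hi)


def decode_ipv6_block(elements):
    """elements: the IPv6 addressesOrRanges content as ("prefix", unused, data)
    or ("range", min_unused, min_data, max_unused, max_data) tuples.
    An empty block is rejected (RFC 3971: at least one element)."""
    if not elements:
        raise ValueError("IPv6 addressesOrRanges must contain at least one element")
    out = []
    for el in elements:
        if el[0] == "prefix":
            net = prefix_from_bitstring(el[1], el[2])
            out.append((net.network_address, net.broadcast_address))
        elif el[0] == "range":
            out.append(range_from_bitstrings(*el[1:]))
        else:
            raise ValueError("unknown element kind %r" % (el[0],))
    return out


def covers(elements, address):
    """True if the certified space includes the given IPv6 address."""
    a = ipaddress.IPv6Address(address)
    return any(lo <= a <= hi for lo, hi in decode_ipv6_block(elements))


# Constructed sample: 2001:db8::/32, 2001:db8:8000::/33 (33 bits -> 5 octets,
# 7 unused) and the range 2001:db8:0:1:: - 2001:db8:0:3:ffff:ffff:ffff:ffff
# (max 2001:db8:0:3 with its two trailing one bits stripped -> 62 bits).
SAMPLE = [
    ("prefix", 0, bytes.fromhex("20010db8")),
    ("prefix", 7, bytes.fromhex("20010db880")),
    ("range", 0, bytes.fromhex("20010db800000001"), 2, bytes.fromhex("20010db800000000")),
]
```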
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
