Hi Theo,

Thank you for your review. We have posted the updated files for review:

https://www.rfc-editor.org/authors/rfc9829.xml
https://www.rfc-editor.org/authors/rfc9829.txt
https://www.rfc-editor.org/authors/rfc9829.pdf
https://www.rfc-editor.org/authors/rfc9829.html

AUTH48 diffs:
https://www.rfc-editor.org/authors/rfc9829-auth48diff.html
https://www.rfc-editor.org/authors/rfc9829-auth48rfcdiff.html (side by side)

Comprehensive diffs:
https://www.rfc-editor.org/authors/rfc9829-diff.html
https://www.rfc-editor.org/authors/rfc9829-rfcdiff.html (side by side)

We will wait to hear further regarding items 2 and 7.

Thank you,
RFC Editor/sg

> On Jul 3, 2025, at 11:45 PM, Theo Buehler <t...@openbsd.org> wrote:
>
> On Thu, Jul 03, 2025 at 03:27:28PM -0700, rfc-edi...@rfc-editor.org wrote:
>> Authors,
>>
>> While reviewing this document during AUTH48, please resolve (as necessary)
>> the following questions, which are also in the XML file.
>
> I would like to deal with the slightly more open-ended question 2) and 7)
> separately, preferably after the other points are resolved.
>
>> 1) <!-- [rfced] We have added an informative reference to erratum 3206.
>> Please let us know if you have any concerns.
>>
>> Original:
>>    * Integration of RFC 6487 Errata 3205.
>>
>> Current:
>>    * Integration of Errata 3205 [Err3205].
>> -->
>
> ok.
>
>> 2) <!-- [rfced] RFC 9286 defines "fileList" rather than "FileList". We
>> have updated the document accordingly. Please let us know any corrections.
>>
>> Original:
>>    In the Resource Public Key Infrastructure (RPKI), a well-formed
>>    Manifest FileList contains exactly one entry for its associated CRL, ...
>>
>> Original:
>>    * listed in the issuing CA's current Manifest FileList and has
>>      matching hash (see Section 4.2.1 of [RFC9286]).
>>
>> Original:
>>    By way of the hash in the manifest's FileList this
>>    provides a cryptographic guarantee on the Certification Authority's ...
>>
>>
>> In addition, note that the following terminology appears to be used
>> inconsistently throughout the document. Please review these occurrences
>> and let us know if/how they may be made consistent.
>>
>> Manifest FileList vs manifest's FileList (note that we will lowercase
>> FileList as noted above.)
>>
>> Manifest vs manifest (6487 and 9286 seem to use "manifest" except where
>> it's part of a specific name.)
>>
>> -->
>
> As mentioned, I'll look into this separately.
>
>> 3) <!-- [rfced] We are not sure what "without recourse" means here. Does
>> it mean "without access to"? Please clarify.
>>
>> Original:
>>    In particular, a resource certificate cannot be validated without
>>    recourse to the current Manifest of the certificate's issuer.
>> -->
>
> I think "without access to" would work. Or perhaps this:
>
> Old:
>    In particular, a resource certificate cannot be validated without
>    recourse to the current Manifest of the certificate's issuer.
> New:
>    In particular, a resource certificate cannot be validated without
>    consulting the current Manifest of the certificate's issuer.
>
>> 4) <!-- [rfced] We have updated the text to use superscript (see
>> <https://authors.ietf.org/rfcxml-vocabulary#sup> for more information).
>> Please let us know if this is incorrect or not desired.
>>
>> Original:
>>    2^159-1
>>
>> The HTML and PDF will display 159-1 as an exponent.
>>
>> The text will display as follows:
>>    2^(159-1)
>> -->
>
> No, this is incorrect, thanks for pointing it out. The intention is
> (2^159)-1:
>
> Old:
>    2^159-1
> New:
>    2<sup>159</sup>-1
>
>> 5) <!-- [rfced] For clarity, may we update the text as follows?
>>
>> Original:
>>    This document has no additional operational considerations compared
>>    to Section 9 of [RFC6487].
>>
>> Perhaps:
>>    This document has no additional operational considerations beyond those
>>    described in Section 9 of [RFC6487].
>> -->
>
> ok
>
>> 6) <!-- [rfced] This sentence uses "this" twice in the second sentence and
>> they seemingly refer to different things. What does each instance of
>> "this" refer to? Please review.
>> Note that the first sentence is provided for context.
>>
>> Original:
>>    This document explicates that, in the RPKI, the CRL listed on the
>>    certificate issuer's current Manifest is the one relevant and
>>    appropriate for determining the revocation status of a resource
>>    certificate. By way of the hash in the manifest's FileList this
>>    provides a cryptographic guarantee on the Certification Authority's
>>    intent that this is the most recent CRL and removes possible replay
>>    vectors.
>> -->
>
> Simplifying the start of the sentence eliminates one 'this' without
> significantly changing the intent. The remaining 'this' is intended to
> refer to 'the CRL listed' in the first sentence. Does that work?
>
> Old:
>    By way of the hash in the manifest's FileList this
>    provides a cryptographic guarantee on the Certification Authority's
>    intent that this is the most recent CRL and removes possible replay
>    vectors.
> New:
>    The hash in the manifest's FileList
>    provides a cryptographic guarantee on the Certification Authority's
>    intent that this is the most recent CRL and removes possible replay
>    vectors.
>
>> 7) <!-- [rfced] Please review the "Inclusive Language" portion of the
>> online Style Guide
>> <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
>> and let us know if any changes are needed. Updates of this nature
>> typically result in more precise language, which is helpful for readers.
>>
>> Note that our script did not flag any words in particular, but this should
>> still be reviewed as a best practice.
>> -->
>
> Let's deal with this separately.
>
> Thanks!
>
>>
>>
>> Thank you.
>>
>> RFC Editor
>>
>>
>>
>> On Jul 3, 2025, at 3:24 PM, rfc-edi...@rfc-editor.org wrote:
>>
>> *****IMPORTANT*****
>>
>> Updated 2025/07/03
>>
>> RFC Author(s):
>> --------------
>>
>> Instructions for Completing AUTH48
>>
>> Your document has now entered AUTH48. Once it has been reviewed and
>> approved by you and all coauthors, it will be published as an RFC.
>> If an author is no longer available, there are several remedies
>> available as listed in the FAQ (https://www.rfc-editor.org/faq/).
>>
>> You and your coauthors are responsible for engaging other parties
>> (e.g., Contributors or Working Group) as necessary before providing
>> your approval.
>>
>> Planning your review
>> ---------------------
>>
>> Please review the following aspects of your document:
>>
>> * RFC Editor questions
>>
>>   Please review and resolve any questions raised by the RFC Editor
>>   that have been included in the XML file as comments marked as
>>   follows:
>>
>>   <!-- [rfced] ... -->
>>
>>   These questions will also be sent in a subsequent email.
>>
>> * Changes submitted by coauthors
>>
>>   Please ensure that you review any changes submitted by your
>>   coauthors. We assume that if you do not speak up that you
>>   agree to changes submitted by your coauthors.
>>
>> * Content
>>
>>   Please review the full content of the document, as this cannot
>>   change once the RFC is published. Please pay particular attention to:
>>   - IANA considerations updates (if applicable)
>>   - contact information
>>   - references
>>
>> * Copyright notices and legends
>>
>>   Please review the copyright notice and legends as defined in
>>   RFC 5378 and the Trust Legal Provisions
>>   (TLP – https://trustee.ietf.org/license-info).
>>
>> * Semantic markup
>>
>>   Please review the markup in the XML file to ensure that elements of
>>   content are correctly tagged. For example, ensure that <sourcecode>
>>   and <artwork> are set correctly. See details at
>>   <https://authors.ietf.org/rfcxml-vocabulary>.
>>
>> * Formatted output
>>
>>   Please review the PDF, HTML, and TXT files to ensure that the
>>   formatted output, as generated from the markup in the XML file, is
>>   reasonable. Please note that the TXT will have formatting
>>   limitations compared to the PDF and HTML.
>>
>>
>> Submitting changes
>> ------------------
>>
>> To submit changes, please reply to this email using ‘REPLY ALL’ as all
>> the parties CCed on this message need to see your changes. The parties
>> include:
>>
>> * your coauthors
>>
>> * rfc-edi...@rfc-editor.org (the RPC team)
>>
>> * other document participants, depending on the stream (e.g.,
>>   IETF Stream participants are your working group chairs, the
>>   responsible ADs, and the document shepherd).
>>
>> * auth48archive@rfc-editor.org, which is a new archival mailing list
>>   to preserve AUTH48 conversations; it is not an active discussion
>>   list:
>>
>>   * More info:
>>     https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc
>>
>>   * The archive itself:
>>     https://mailarchive.ietf.org/arch/browse/auth48archive/
>>
>>   * Note: If only absolutely necessary, you may temporarily opt out
>>     of the archiving of messages (e.g., to discuss a sensitive matter).
>>     If needed, please add a note at the top of the message that you
>>     have dropped the address. When the discussion is concluded,
>>     auth48archive@rfc-editor.org will be re-added to the CC list and
>>     its addition will be noted at the top of the message.
>>
>> You may submit your changes in one of two ways:
>>
>> An update to the provided XML file
>> — OR —
>> An explicit list of changes in this format
>>
>> Section # (or indicate Global)
>>
>> OLD:
>> old text
>>
>> NEW:
>> new text
>>
>> You do not need to reply with both an updated XML file and an explicit
>> list of changes, as either form is sufficient.
>>
>> We will ask a stream manager to review and approve any changes that seem
>> beyond editorial in nature, e.g., addition of new text, deletion of text,
>> and technical changes. Information about stream managers can be found in
>> the FAQ. Editorial changes do not require approval from a stream manager.
>>
>>
>> Approving for publication
>> --------------------------
>>
>> To approve your RFC for publication, please reply to this email stating
>> that you approve this RFC for publication. Please use ‘REPLY ALL’,
>> as all the parties CCed on this message need to see your approval.
>>
>>
>> Files
>> -----
>>
>> The files are available here:
>> https://www.rfc-editor.org/authors/rfc9829.xml
>> https://www.rfc-editor.org/authors/rfc9829.html
>> https://www.rfc-editor.org/authors/rfc9829.pdf
>> https://www.rfc-editor.org/authors/rfc9829.txt
>>
>> Diff file of the text:
>> https://www.rfc-editor.org/authors/rfc9829-diff.html
>> https://www.rfc-editor.org/authors/rfc9829-rfcdiff.html (side by side)
>>
>> Diff of the XML:
>> https://www.rfc-editor.org/authors/rfc9829-xmldiff1.html
>>
>>
>> Tracking progress
>> -----------------
>>
>> The details of the AUTH48 status of your document are here:
>> https://www.rfc-editor.org/auth48/rfc9829
>>
>> Please let us know if you have any questions.
>>
>> Thank you for your cooperation,
>>
>> RFC Editor
>>
>> --------------------------------------
>> RFC 9829 (draft-ietf-sidrops-rpki-crl-numbers-05)
>>
>> Title            : Handling of Resource Public Key Infrastructure (RPKI)
>>                    Certificate Revocation List (CRL) Number Extensions
>> Author(s)        : J. Snijders, B. Maddison, T. Buehler
>> WG Chair(s)      : Russ Housley, Luigi Iannone
>>
>> Area Director(s) : Mohamed Boucadair, Mahesh Jethanandani