I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
Please resolve these comments along with any other Last Call comments you may
receive.
Document: draft-ietf-sidr-arch-11
Reviewer: David L. Black
Review Date: February 24, 2011
IETF LC End Date: February 21, 2011
Summary:
This draft is basically ready for publication, but has nits that should be
fixed before publication.
First of all, I apologize for the tardiness of this review; I got sick over the
past weekend and unable to complete the review at that time.
This draft is very well-written - it explains the PKI concepts well and has
good organization and flow. Overall, this is a nice piece of work, and an
example of what an architecture document should be - a technical overview that
leaves the details to other documents.
I found a number of minor items that are mostly editorial:
(1) Section 4.2 variously describes the repository system as including
databases, file systems and possibly web servers as URIs are apparently
required. I suggest that the term "directory structured" be used instead of
discussing a directory in a file system. I suggest that the required update
behavior of the database be described (e.g., how much of full ACID transaction
support is required for what sorts or scopes of transactions). It appears that
URIs are a required form of addressing (e.g., as the SIA certificate extension
contains a URI), and I would suggest discussing the resulting URI requirements
on the access protocols in Section 4.3 (e.g., relationship of the URI structure
to the RSYNC directory structure).
(2) In section 4.3, beyond bulk download of the entire repository contents, is
there also a requirement for bulk download of a directory's contents, or bulk
download of the entire tree structure rooted at a directory?
(3) The last paragraph of Section 5 states that the repository system is
untrusted. That statement should be repeated in
Section 4's material on repositories.
(4) The draft selectively uses RFC 2119 upper case terms and their lower case
counterparts. That usage should be carefully double-checked to ensure that the
stronger upper case terms are used where needed - here are a couple of examples
where upper case may be more appropriate than lower case:
- Top of p. 16: "An authority is required to issue a new manifest ..."
(required -> REQUIRED ?)
- Start of section 7.2: " Whenever a certification authority ..., it
must perform a key rollover procedure."
(must -> MUST ?)
(5) Item 1 in Section 6 on Local Cache Maintenance says:
1. Query the registry system to obtain a copy of all certificates,
manifests and CRLs issued under the PKI.
Was "repository" intended instead of "registry"? Item 3 is related and uses
the term "repository".
(6) idnits 2.12.07 earned its keep by finding a bunch of nits:
** There are 2 instances of too long lines in the document, the longest one
being 18 characters in excess of 72.
== The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
does not include the phrase in its RFC 2119 key words list.
== Missing Reference: 'RFC3 779' is mentioned on line 166, but not defined
== Missing Reference: 'RFC 5871' is mentioned on line 647, but not defined
== Unused Reference: 'SIDR-ALG' is defined on line 1040, but no explicit
reference was found in the text
== Unused Reference: 'PROVISION' is defined on line 1058, but no explicit
reference was found in the text
== Unused Reference: 'RFC 5781' is defined on line 1062, but no explicit
reference was found in the text
-- No information found for draft-ietf-sidr-rpki-signed-object - is the
name correct?
-- No information found for draft-ietf-sidr-rescert-provisioning - is the
name correct?
Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
[email protected] Mobile: +1 (978) 394-7754
----------------------------------------------------
_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
