Dear Job,
On Thu, Jun 18, 2026 at 3:05 PM Job Snijders <[email protected]> wrote:

> Dear Behcet,
>
> Thank you for your time reviewing this document.
>
> On Thu, Jun 18, 2026 at 08:02:52AM -0700, Behcet Sarikaya via Datatracker wrote:
> > Document: draft-ietf-sidrops-rpki-ccr
> > Title: A Profile for Resource Public Key Infrastructure (RPKI) Canonical Cache Representation (CCR)
> > Reviewer: Behcet Sarikaya
> > Review result: Ready with Nits
> >
> > I am the assigned Gen-ART reviewer for this draft. The General Area
> > Review Team (Gen-ART) reviews all IETF documents being processed
> > by the IESG for the IETF Chair. Please treat these comments just
> > like any other last call comments.
> >
> > For more information, please see the FAQ at
> >
> > <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.
> >
> > Document: draft-ietf-sidrops-rpki-ccr-??
> > Reviewer: Behcet Sarikaya
> > Review Date: 2026-06-18
> > IETF LC End Date: 2026-06-17
> > IESG Telechat date: 2026-07-02
> >
> > Summary:
> > The document defines a DER-encoded data format for RPKI Relying Party software
> > to share validated cache state. The document provides a standardized method for
> > audit trails and analytics by creating a Canonical Cache Representation (CCR).
> >
> > Major issues:
> >
> > Minor issues:
> >
> > Nits/editorial comments:
> > unused refs RFC6268 RFC8792
>
> 6268 is referenced from within the ASN.1 code block, idnits doesn't recognize that.
>
> 8792 is referenced from within a CODE BLOCK, idnits doesn't recognize that.
>
> I expect the rfc editor to help make it precisely as they'd like to see it.

OK

> > Section 3.4.4 SHA-1 SHA-1 as a cryptographic algorithm is deprecated and should
> > be phased out by Dec. 31, 2030
>
> In this context, SHA-1 is not used for cryptographic purposes.
>
> The CCR embedded integrity checksums and the content address references
> to objects outside the CCR all use SHA-256. See 'hashAlg' in section 3.2.

This is what I found on my search: SHA-1 is no longer secure because it is vulnerable to "collision attacks," where two different inputs produce the exact same hash.

What would you say?

Regards,
Behcet

> Kind regards,
>
> Job
_______________________________________________
Gen-art mailing list -- [email protected]
To unsubscribe send an email to [email protected]
