Dear Job,

On Thu, Jun 18, 2026 at 3:05 PM Job Snijders <[email protected]> wrote:

> Dear Behcet,
>
> Thank you for your time reviewing this document.
>
> On Thu, Jun 18, 2026 at 08:02:52AM -0700, Behcet Sarikaya via Datatracker wrote:
> > Document: draft-ietf-sidrops-rpki-ccr
> > Title: A Profile for Resource Public Key Infrastructure (RPKI) Canonical Cache Representation (CCR)
> > Reviewer: Behcet Sarikaya
> > Review result: Ready with Nits
> >
> > I am the assigned Gen-ART reviewer for this draft. The General Area
> > Review Team (Gen-ART) reviews all IETF documents being processed
> > by the IESG for the IETF Chair.  Please treat these comments just
> > like any other last call comments.
> >
> > For more information, please see the FAQ at
> >
> > <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.
> >
> > Document: draft-ietf-sidrops-rpki-ccr-??
> > Reviewer: Behcet Sarikaya
> > Review Date: 2026-06-18
> > IETF LC End Date: 2026-06-17
> > IESG Telechat date: 2026-07-02
> >
> > Summary:
> > The document defines a DER-encoded data format for RPKI Relying Party
> > software to share validated cache state. The document provides a
> > standardized method for audit trails and analytics by creating a
> > Canonical Cache Representation (CCR).
> >
> > Major issues:
> >
> > Minor issues:
> >
> > Nits/editorial comments:
> > unused refs RFC6268 RFC8792
>
> 6268 is referenced from within the ASN.1 code block, idnits doesn't
> recognize that.
>
> 8792 is referenced from within a CODE BLOCK, idnits doesn't recognize that.
>
> I expect the rfc editor to help make it precisely as they'd like to see it.
>
OK


> > Section 3.4.4 SHA-1 SHA-1 as a cryptographic algorithm is deprecated and
> > should be phased out by Dec. 31, 2030
>
> In this context, SHA-1 is not used for cryptographic purposes.
>
> The CCR embedded integrity checksums and the content address references
> to objects outside the CCR all use SHA-256. See 'hashAlg' in section 3.2.
>

This is what I found on my search:
SHA-1 is no longer secure because it is vulnerable to "collision attacks,"
where two different inputs produce the exact same hash.

What would you say?
Regards,
Behcet

> Kind regards,
>
> Job
>