Dear authors,

There still are a few nits with the examples in this document.

1/ The sbgp-autonomousSysNum extension in the Trust Anchor MUST be marked critical (RFC 6487 section 4.8.11), it currently is not.

2/ The sbgp-autonomousSysNum extension in the CA cert MUST be marked critical (RFC 6487 section 4.8.11), it currently is not.

3/ On the EE certificate, the basicConstraints extension MUST be absent if the CA bit is set to false. Only CA certificates are expected to carry a basicConstraints extension. (RFC 6487 section 4.8.1)

4/ the lack of CRLs in the example makes it much harder to truly verify the provided geofeed files, please consider including the 2 missing CRLs so a complete example is presented.

5/ Section 3 still lists RSC as 'complex', and RPKI-RTA as 'applicable in the long run'; but draft-ietf-sidrops-rpki-rta-00 has long since expired, and also marked 'replaced by RFC9232'. Can the authors explain what kind of applicability of RTA they envision in the long run? It's also not clear to me how the RTA 'applicability' relates to using a self-signed trust anchor?

Kind regards,

Job

On Mon, Sep 18, 2023 at 06:40:36PM -0700, [email protected] wrote:
> Internet-Draft draft-ietf-opsawg-9092-update-02.txt is now available. It is a
> work item of the Operations and Management Area Working Group (OPSAWG) WG of
> the IETF.
>
>    Title:   Finding and Using Geofeed Data
>    Authors: Randy Bush
>             Massimo Candela
>             Warren Kumari
>             Russ Housley
>    Name:    draft-ietf-opsawg-9092-update-02.txt
>    Pages:   26
>    Dates:   2023-09-18
>
> Abstract:
>
>    This document specifies how to augment the Routing Policy
>    Specification Language inetnum: class to refer specifically to
>    geofeed data files and describes an optional scheme that uses the
>    Resource Public Key Infrastructure to authenticate the geofeed
>    datafiles.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-opsawg-9092-update/
>
> There is also an HTMLized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-9092-update-02
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-opsawg-9092-update-02
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> OPSAWG mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/opsawg
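
Added example, not part of the message above or of the draft: a pure-Python check for the two certificate-profile nits raised in items 1/ to 3/, run over a DER-encoded X.509 Extensions value. The function names and the sample extension sets are constructed for illustration; the builders only handle short-form lengths.

```python
OID_AS_RESOURCES = bytes.fromhex("2b06010505070108")  # 1.3.6.1.5.5.7.1.8, sbgp-autonomousSysNum
OID_BASIC_CONSTRAINTS = bytes.fromhex("551d13")       # 2.5.29.19

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_extensions(der):
    """Map extnID (raw OID bytes) -> critical flag."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    flags, pos = {}, 0
    while pos < len(body):
        _, item, pos = read_tlv(body, pos)
        _, oid, nxt = read_tlv(item, 0)
        tag, val, _ = read_tlv(item, nxt)  # BOOLEAN if present, else extnValue
        flags[oid] = tag == 0x01 and val != b"\x00"
    return flags

def rfc6487_nits(ext_der, is_ca):
    """Return the findings from the review that apply to this extension set."""
    flags, nits = parse_extensions(ext_der), []
    if flags.get(OID_AS_RESOURCES) is False:
        nits.append("sbgp-autonomousSysNum not critical (RFC 6487 4.8.11)")
    if not is_ca and OID_BASIC_CONSTRAINTS in flags:
        nits.append("basicConstraints present on EE certificate (RFC 6487 4.8.1)")
    return nits

# Constructed sample data (not taken from the draft): short-form DER builders.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value

def ext(oid, critical, value):
    crit = tlv(0x01, b"\xff") if critical else b""
    return tlv(0x30, tlv(0x06, oid) + crit + tlv(0x04, value))

AS_VALUE = bytes.fromhex("3009a0073005020300fbf0")  # constructed: AS 64496
BAD_EE = tlv(0x30, ext(OID_AS_RESOURCES, False, AS_VALUE) + ext(OID_BASIC_CONSTRAINTS, True, b"\x30\x00"))
GOOD_EE = tlv(0x30, ext(OID_AS_RESOURCES, True, AS_VALUE))
```

To run it against a real certificate, extract the Extensions SEQUENCE from the tbsCertificate first; this block does not parse the outer certificate structure.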
