draft-ietf-sidr-bogons-02 contains a number of things that are either
inconsistent or where I found it difficult to determine the intent.
While some examples are discussed below and can be addressed
piecemeal, I think it would be more effective to address them through
a comprehensive re-editting of the document, looking to simplify the
language and make it significantly more readable. Accordingly, I do
not think this document is ready for WGLC.
Item 1: May BOAs be issued only by RIRs or also by entities further down the
heirarchy? From section 1:
"This document defines an application of the Resource Public Key
Infrastructure (RPKI) to validate the attestations of INTERNET
REGISTERIES that certain addresses are currently neither allocated
nor assigned to any party,..." (emphasis added)
Yet section 4 says:
"ANY PARTY with a validly assigned Internet resource set and a CA
certificate that describes this delegation can publish a BOA,
independently of the actions of the actions of the party that
assigned the resource set." (emphasis added)
Item 2: Why must a BOA contain both ASNs and addresses? Section 2.1.3.2:
"The content of a BOA identifies a list of one or more AS's and one
or more IP address prefixes..."
Item 3: Reading the document the first time, I was very confused by
section 5, in part because the second paragraph, which talks about
AS's, and the third paragraph, which talks about addresses, looked so
similar. Just to help the reader, I suggest adding two subsections,
one referring to AS's, the other to addresses or prefixes. Perhaps
add a sentence referring to the differences (e.g., that AS's listed in
a BOA may be regarded as bogons even if ROAs list those ASs, but ROAs
take precendence over BOAs when it comes to addresses.)
Furthermore, I'm not sure the addresses section (the third paragraph)
is complete. When a BOA referes to an address block that's more
specific than one in the ROA, which takes precedence? (It looks like
the ROA, but I got lost somewhere in the six-line sentence.)
In general, I found this document harder to read than most i-d's, and
I suspect part of it is due to the terminology. I hope the editors
will look for ways to improved the terminology, substituting shorter
names when possible. At the very least, change the name of BOAs so
that there's more visual difference from "ROA". While not technically
substantive, such readability improvements may make it easier for
others to review the document. And given the confusions above, I
think more review is sorely needed.
-- Sam
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
