Alexey Melnikov has entered the following ballot position for draft-ietf-sidr-rpsl-sig-11: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sidr-rpsl-sig/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- This is a generally a well written document and I don't object to its publication. However I have several minor but important points which should be easy to address: In Section 2.1: Reference to the certificate corresponding to the private key used to sign this object (field "c"). The value of this field MUST be a URL of type "rsync" or "http(s)" You need to have Normative references for the corresponding URI RFCs: RFC 5781 for rsync URIs and RFC 7230 for http/https URIs. that points to a specific resource certificate in an RPKI repository [RFC6481]. Any non URL-safe characters (including semicolon ";" and plus "+") must be URL encoded. This really need a Normative reference to RFC 3986. The signature itself (field "b"). This MUST be the last field in the list. The signature is the output of the signature algorithm using the appropriate private key and the calculated hash value of the object as inputs. The value of this field is the digital signature in base64 encoding [RFC4648]. As RFC 4648 specifies 2 base64 alphabets, you need to include section number. I think you meant Section 4 (and not Section 5). ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- In Section 2.1: Time of signing (field "t"). The format of the value of this field MUST be in the Internet Date/Time format [RFC3339]. All times MUST be converted to Universal Coordinated Time (UTC) To be pedantic, you should clarify that you mean the date-time ABNF production with the timezone always being "Z". In 3.1, inside numbered list (item 3): * Converting all line endings to a single blank space. Please include ASCII code for space, because " " is not very helpful, especially considering that there are other Unicode space characters which are not visually distinguishable. The same issue elsewhere in this section. _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
