Hiya, Adding the text you propose for section 7 seems good. You also asked about adding this:
On 09/01/17 05:41, Sriram, Kotikalapudi (Fed) wrote: > In particular, by following these methods, security concerns > related to possible correlation of RPKI data access > and BGP update events are also mitigated. Maybe better to say something like: "With these caching mechanisms it is believed that an attacker wouldn't be able to meaningfully correlate RPKI data flows with BGPsec RP actions, thus avoiding attacks that attempt to determine the set of ASes interacting with an RP via the interactions between the RP and RPKI servers." Also, I had a look back at the overall thread and I think this is where we're at: discuss point #1: the draft needs a bit of text saying how to handle an SKI that is not 20 bytes long. I don't think we have a text proposal but it should be easy enough, e.g. you could say "If the SKI in a certificate is not 20 bytes long then if it is longer, use the leftmost 20 bytes. If the SKI value is shorter than 20 bytes, then pad left with zero bytes." Note that I don't care which way you prefer to fix this, any way is fine. discuss point #2: this one's sorted. (I updated my ballot to indicate this one's cleared.) discuss point #3: with your suggested text and something like the above we should be good with this one too If you'd like to submit a revised ID with those changes then I should be fine to clear. Cheers, S.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
