A Profile for RPKI Signed Checklists (RSCs)
draft-ietf-sidrops-rpki-rsc-11

[Ballot comment]
Thanks for tidying up the IANA Considerations.

The answer to question 11 of the shepherd writeup is not complete.

Thanks to Russ Housley for his ARTART review.

I find the "SHOULD be aware" in Section 4.2 to be curious.  How does an implementer satisfy the "aware" condition?

Regarding the "SHOULD" in Section 7, I suggest including some advice about what other action an implementer might choose to take, and why.

[Ballot discuss]
Let's chat about IANA Considerations, which I think needs some work.  Fortunately, I think these all have straightforward fixes.

First, the easy stuff: "Required parameters" and "Optional parameters" should probably not be "None"; see RFC 6838 Section 5.6.

The "Security Considerations" field simply states what the payload is.  I think, at a minimum, this should specifically refer to the Security Considerations in the referenced document.  Moreover, note this from RFC 6838:

  o  Any security analysis MUST state whether or not they employ such
      "active content"; if they do, they MUST state what steps have been
      taken, or MUST be taken by applications of the media type, to
      protect users of the media type from harm.

This required content is absent.  In the referenced document I don't see any evidence that there's active content (i.e., the payload is not directly executable as far as I can tell), but it would be a good idea to say so, at least because the BCP requires it.

Finally, as this is a standards action with IETF consensus, the change controller is supposed to be the IETF.

Separately, the double "SHOULD" in bullet #1 of Section 6 leaves the possibility that an implementation does neither of those things.  Is that what you intended to allow?  If not, some revised guidance here is probably in order.

[Ballot comment]
The answer to question 11 of the shepherd writeup is not complete.

Thanks to Russ Housley for his ARTART review.

I find the "SHOULD be aware" in Section 4.2 to be curious.  How does an implementer satisfy the "aware" condition?

Regarding the "SHOULD" in Section 7, I suggest including some advice about what other action an implementer might choose to take, and why.

[Ballot comment]
fileName field is clarified as:

  *  MUST contain only characters specified in the Portable Filename
      Character Set as defined in [POSIX].

  *  MUST be unique with respect to the other FileNameAndHash elements
      of checkList for which the fileName field is also present.

but earlier we had PortableFilename as:

    IA5String (FROM("a".."z" | "A".."Z" | "0".."9" | "." | "_" | "-"))

Is there a reason these two are not defined with the same constraints? (or is that
the POSIX constraint, if so why not describe it both in the same way ?)

NITS:

        The IANA has permanently allocated

remove "permanently" ?

        conatained

contained

SAFI is not expanded on first use.

[Ballot comment]
# GEN AD review of draft-ietf-sidrops-rpki-rsc-10

CC @larseggert

Thanks to Stewart Bryant for the General Area Review Team (Gen-ART) review
(https://mailarchive.ietf.org/arch/msg/gen-art/osm7kWl75K8S6I4tvWACqYSrKuc).

## Comments

### DOWNREFs

DOWNREF from this Standards Track doc to
`[IANA.ADDRESS-FAMILY-NUMBERS]`, which is a URL.

I think this normative reference should be to the RFCs that created the
registries, i.e., [RFC2453][RFC2677][RFC2858].

## Nits

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

### Typos

#### Section 4.2, paragraph 7
```
-    specification conatained in [RFC3779] may enable implementors to
-                    -
```

#### Section 4.2.1, paragraph 1
```
-    ConstrainedASIdentifiers is a SEQUENCE, constisting of a single field
-                                                -
```

#### Section 6, paragraph 2
```
-    *  The RSC MUST be validated acording to the procedure described in
+    *  The RSC MUST be validated according to the procedure described in
+                                  +
```

#### Section 10.5, paragraph 3
```
-    registation to the "Media Types" registry and to reference the RFC
+    registration to the "Media Types" registry and to reference the RFC
+          +
```

### Grammar/style

#### Section 5, paragraph 4
```
ue, otherwise verification MUST fail and the error SHOULD be reported to the
                                    ^^^^
```
Use a comma before "and" if it connects two independent clauses (unless they
are closely connected and short).

#### Section 6, paragraph 6
```
ASCII, UTF-8, HTML, Javascript, XML, etc) it is RECOMMENDED to convert such o
                                    ^^^
```
A period is needed after the abbreviation "etc.".

#### Section 8, paragraph 1
```
icitly referenced object might not be a RSC, it might never have been publish
                                      ^
```
Use "an" instead of "a" if the following word starts with a vowel sound, e.g.
"an article", "an hour".

#### Section 8, paragraph 1
```
t might not be a RSC, it might never have been published, or was revoked befo
                              ^^^^^^^^^^^^^^^
```
The adverb "never" is usually put between "have" and "been".

#### Section 8, paragraph 2
```
without access to a given RSC. While an one-time-use EE Certificate must only
                                    ^^
```
Use "a" instead of "an" if the following word doesn't start with a vowel sound,
e.g. "a sentence", "a university".

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF], You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT].

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments
[IRT]: https://github.com/larseggert/ietf-reviewtool

[Ballot comment]
Thank you to Donald Eastlake for the SECDIR review.

** Section 6.  I don’t fully understand the use case motivating the RSC, hence this question.  The significance of how certain blobs to be verified come to be named or not, and how this information is shared between creator and verifier of the checklist was not clear to me either.  Would a verifier know for what blobs to enable or disable “filename-aware” mode?  Could there be case where a checklist has a blob without a filename, but the verifier of the blob keeps it in a named file anyway and would also need to remember to strip that filename when starting step 1?

** Section 7.

If a fileName field is present, but no referenced digital object has
  a filename that matches the content of that field, ...

When should this guidance be executed?  Is that part of the validation process in Section 6?

** Typos:
-- Section 4.2 s/conatained/contained/
-- Section 4.2.1. s/constisting/consisting/
-- Section 6. s/acording /according/

[Ballot comment]

# Éric Vyncke, INT AD, comments for draft-ietf-sidrops-rpki-rsc-10

CC @evyncke

Thank you for the work put into this document. I appreciated the humor at the end of section 2.

Please find below two non-blocking COMMENT points (but replies would be appreciated even if only for my own education).

Special thanks to Keyur Patel for the shepherd's detailed write-up including the WG consensus but missing the justification of the intended status.

I hope that this review helps to improve the document,

Regards,

-éric
## COMMENTS

### Section 4.2.2

Just for my own curiosity, what is the reason to mandate an order in the AFI? While the addresses, within an address family, do not need to be sorted

### POSIX reference

IMHO, POSIX should be normative as it is part of a MUST sentence in section 4.4.1

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF], You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues.

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments

[Ballot comment]
Thanks for this document.  Just a couple of minor/nit level comments:

Minor level comments:

(1) p 6, sec 4.4.1.  FileNameAndHash

Should this section provide any additional text to describe what the hash field is?



Nit level comments:

(2) p 3, sec 2.  RSC Profile and Distribution

  What constitutes suitable transport for RSC files is deliberately
  unspecified.  It might be a USB stick, a web interface secured with
  conventional HTTPS, PGP-signed email, a T-shirt printed with a QR
  code, or a carrier pigeon.

Perhaps:  "For example, it might be ..." or otherwise someone might incorrectly interpret this as ruling out other transport mechanisms, such as a drone based light show.

Thanks,
Rob

[Ballot comment]
# Internet AD comments for {draft-ietf-sidrops-rpki-rsc-10}
CC @ekline

## Comments

### S7,8

* Should there be any text about implementations validating that the value
  of fileName doesn't cause the implementation to examine files outside of
  a scoped set of directories, as an operational policy matter?

## Nits

### S4.2.1

* "constisting" -> "consisting"

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-sidrops-rpki-rsc-08. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there are five actions which we must complete.

First, in the SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1) registry on the Structure of Management Information (SMI) Numbers (MIB Module Registrations) page located at:

https://www.iana.org/assignments/smi-numbers/

the existing registration for

Decimal Description References
---------------------------------------------------------------
48 id-ct-signedChecklist [draft-ietf-sidrops-rpki-rsc]

will have its reference changed to [ RFC-to-be ].

Second, in the RPKI Signed Objects registry on the Resource Public Key Infrastructure (RPKI) registry page located at:

https://www.iana.org/assignments/rpki/

a new registration will be made as follows:

Name: Signed Checklist
OID: 1.2.840.113549.1.9.16.1.48
Reference: [ RFC-to-be ]

Third, in the RPKI Repository Name Schemes registry also on the Resource Public Key Infrastructure (RPKI) registry page located at:

https://www.iana.org/assignments/rpki/

the temporary registration for

Filename Extension RPKI Object Reference
-------------------------------------------------------------------
.sig Signed Checklist [draft-ietf-sidrops-rpki-rsc]

will be made permanent and the reference changed to [ RFC-to-be ].

Fourth, in the SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0) registry also on the Structure of Management Information (SMI) Numbers (MIB Module Registrations) page located at:

https://www.iana.org/assignments/smi-numbers/

the existing registration for

Decimal Description References
-----------------------------------------------------------------------
73 id-mod-rpkiSignedChecklist-2021 [draft-ietf-sidrops-rpki-rsc]

will have its reference changed to [ RFC-to-be ].

Fifth, in the Provisional Standard Media Type Registry located at:

https://www.iana.org/assignments/provisional-standard-media-types/

IANA has registered the media type application/rpki-checklist with a reference pointing to [draft-ietf-sidrops-rpki-rsc-02].

Upon approval of this document, IANA will remove that registration and create a new registration in the application space of the Media Types registry as follows:

Name: application/rpki-checklist
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

Sabrina Tanamal
Lead IANA Services Specialist

The following Last Call announcement was sent out (ends 2022-08-24):

From: The IESG
To: IETF-Announce
CC: draft-ietf-sidrops-rpki-rsc@ietf.org, keyur@arrcus.com, sidrops-chairs@ietf.org, sidrops@ietf.org, warren@kumari.net
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (A profile for Resource Public Key Infrastructure (RPKI) Signed Checklists (RSC)) to Proposed Standard


The IESG has received a request from the SIDR Operations WG (sidrops) to
consider the following document: - 'A profile for Resource Public Key
Infrastructure (RPKI) Signed
  Checklists (RSC)'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2022-08-24. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document defines a Cryptographic Message Syntax (CMS) profile
  for a general purpose listing of checksums (a 'checklist'), for use
  with the Resource Public Key Infrastructure (RPKI).  The objective is
  to allow an attestation, in the form of a listing of one or more
  checksums of arbitrary digital objects (files), to be signed "with
  resources", and for validation to provide a means to confirm a
  specific Internet Resource Holder produced the Signed Checklist.  The
  profile is intended to provide for the signing of an arbitrary
  checksum listing with a specific set of Internet Number Resources.





The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-rsc/



No IPR declarations have been submitted directly on this I-D.

# Document Shepherd Writeup

This version is dated 30 April 2022.

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this writeup to give helpful context to Last Call and
Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in
completing it, is appreciated. The full role of the shepherd is further
described in [RFC 4858][2], and informally. You will need the cooperation of
authors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There has been a good consensus to progress the document.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

No.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

Section 8: Implementation Status records the status of known implementations of the protocol defined by this draft.

### Additional Reviews

5. Does this document need review from other IETF working groups or external
  organizations? Have those reviews occurred?

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

There are no mib/yang/etc. requirements in this document.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

There is no yang model here.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

### Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

The shepherd has read through the several versions and the document is in a good shape to progress further.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. Do any such issues remain that would merit specific
    attention from subsequent reviews?

None.

11. What type of RFC publication is being requested on the IETF stream (Best
    Current Practice, Proposed Standard, Internet Standard, Informational,
    Experimental, or Historic)? Why is this the proper type of RFC? Do all
    Datatracker state attributes correctly reflect this intent?

Proposed Standard.

12. Has the interested community confirmed that any and all appropriate IPR
    disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not,
    explain why. If yes, summarize any discussion and conclusion regarding the
    intellectual property rights (IPR) disclosures, including links to relevant
    emails.

Yes. Following IPR disclosures have been done so far:

https://mailarchive.ietf.org/arch/msg/sidrops/B9JCmW_WKtCHa4ydsOBRPizwHwU/

https://mailarchive.ietf.org/arch/msg/sidrops/N0G4bRSnp03F9qjyiq9bi8ftdHg/

https://mailarchive.ietf.org/arch/msg/sidrops/2448nMklLgl6aQpX4eaRG2VsQIQ/

13. Has each Author or Contributor confirmed their willingness to be listed as
    such? If the number of Authors/Editors on the front page is greater than 5,
    please provide a justification.

There are only 3 Authors listed on the document. All of them have confirmed their willingness to be listed as Authors.

14. Identify any remaining I-D nits in this document. (See [the idnits tool][9]
    and the checkbox items found in Guidelines to Authors of Internet-Drafts).
    Simply running the idnits tool is not enough; please review the entire
    guidelines document.

There are minor nits that needs to be cleaned up.

Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

    No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

    No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 3 instances of too long lines in the document, the longest one
    being 18 characters in excess of 72.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document date (26 May 2022) is 62 days in the past.  Is this
    intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

    (See RFCs 3967 and 4897 for information about using normative references
    to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC6268' is mentioned on line 178, but not defined

  -- Looks like a reference, but probably isn't: '0' on line 222

  -- Looks like a reference, but probably isn't: '1' on line 210

  == Missing Reference: 'RFC-TBD' is mentioned on line 582, but not defined

  -- Possible downref: Non-RFC (?) normative reference: ref.
    'ADDRESS-FAMILY-NUMBERS'

  ** Obsolete normative reference: RFC 6486 (Obsoleted by RFC 9286)


    Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 4 comments (--).

    Run idnits with the --verbose option for more detailed information about
    the items above.

15. Should any informative references be normative or vice-versa?

No.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

None.

17. Are there any normative downward references (see [RFC 3967][10],
    [BCP 97][11])? If so, list them.

No.

18. Are there normative references to documents that are not ready for
    advancement or are otherwise in an unclear state? If they exist, what is the
    plan for their completion?

Two references were found:

[I-D.ietf-sidrops-rpki-rta]
              Michaelson, G., Huston, G., Harrison, T., Bruijnzeels, T.,
              and M. Hoffmann, "A profile for Resource Tagged
              Attestations (RTAs)", Work in Progress, Internet-Draft,
              draft-ietf-sidrops-rpki-rta-00, 21 January 2021,
              .

[I-D.ymbk-sidrops-rpki-has-no-identity]
              Bush, R. and R. Housley, "The I in RPKI does not stand for
              Identity", Work in Progress, Internet-Draft, draft-ymbk-
              sidrops-rpki-has-no-identity-00, 16 March 2021,
              .

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

None.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][12]).

All the references to IANA registries have been clearly identified. The draft refers to following registries: SMI Security for S/MIME CMS Content Type registry, RPKI Signed Objects sub-registry, RPKI Repository Name Scheme registry, SMI Security for S/MIME registry, and Provisional Standard Media Type registry.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp78
[8]: https://www.rfc-editor.org/info/bcp79
[9]: https://www.ietf.org/tools/idnits/
[10]: https://www.rfc-editor.org/rfc/rfc3967.html
[11]: https://www.rfc-editor.org/info/bcp97
[12]: https://www.rfc-editor.org/rfc/rfc8126.html

None.

# Document Shepherd Writeup

This version is dated 30 April 2022.

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this writeup to give helpful context to Last Call and
Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in
completing it, is appreciated. The full role of the shepherd is further
described in [RFC 4858][2], and informally. You will need the cooperation of
authors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There has been a good consensus to progress the document.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

No.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

Section 8: Implementation Status records the status of known implementations of the protocol defined by this draft.

### Additional Reviews

5. Does this document need review from other IETF working groups or external
  organizations? Have those reviews occurred?

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

There are no mib/yang/etc. requirements in this document.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

There is no yang model here.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

### Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

The shepherd has read through the several versions and the document is in a good shape to progress further.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. Do any such issues remain that would merit specific
    attention from subsequent reviews?

None.

11. What type of RFC publication is being requested on the IETF stream (Best
    Current Practice, Proposed Standard, Internet Standard, Informational,
    Experimental, or Historic)? Why is this the proper type of RFC? Do all
    Datatracker state attributes correctly reflect this intent?

Proposed Standard.

12. Has the interested community confirmed that any and all appropriate IPR
    disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not,
    explain why. If yes, summarize any discussion and conclusion regarding the
    intellectual property rights (IPR) disclosures, including links to relevant
    emails.

Yes. Following IPR disclosures have been done so far:

https://mailarchive.ietf.org/arch/msg/sidrops/B9JCmW_WKtCHa4ydsOBRPizwHwU/

https://mailarchive.ietf.org/arch/msg/sidrops/N0G4bRSnp03F9qjyiq9bi8ftdHg/

https://mailarchive.ietf.org/arch/msg/sidrops/2448nMklLgl6aQpX4eaRG2VsQIQ/

13. Has each Author or Contributor confirmed their willingness to be listed as
    such? If the number of Authors/Editors on the front page is greater than 5,
    please provide a justification.

There are only 3 Authors listed on the document. All of them have confirmed their willingness to be listed as Authors.

14. Identify any remaining I-D nits in this document. (See [the idnits tool][9]
    and the checkbox items found in Guidelines to Authors of Internet-Drafts).
    Simply running the idnits tool is not enough; please review the entire
    guidelines document.

There are minor nits that needs to be cleaned up.

Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

    No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

    No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 3 instances of too long lines in the document, the longest one
    being 18 characters in excess of 72.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document date (26 May 2022) is 62 days in the past.  Is this
    intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

    (See RFCs 3967 and 4897 for information about using normative references
    to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC6268' is mentioned on line 178, but not defined

  -- Looks like a reference, but probably isn't: '0' on line 222

  -- Looks like a reference, but probably isn't: '1' on line 210

  == Missing Reference: 'RFC-TBD' is mentioned on line 582, but not defined

  -- Possible downref: Non-RFC (?) normative reference: ref.
    'ADDRESS-FAMILY-NUMBERS'

  ** Obsolete normative reference: RFC 6486 (Obsoleted by RFC 9286)


    Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 4 comments (--).

    Run idnits with the --verbose option for more detailed information about
    the items above.

15. Should any informative references be normative or vice-versa?

No.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

None.

17. Are there any normative downward references (see [RFC 3967][10],
    [BCP 97][11])? If so, list them.

No.

18. Are there normative references to documents that are not ready for
    advancement or are otherwise in an unclear state? If they exist, what is the
    plan for their completion?

Two references were found:

[I-D.ietf-sidrops-rpki-rta]
              Michaelson, G., Huston, G., Harrison, T., Bruijnzeels, T.,
              and M. Hoffmann, "A profile for Resource Tagged
              Attestations (RTAs)", Work in Progress, Internet-Draft,
              draft-ietf-sidrops-rpki-rta-00, 21 January 2021,
              .

[I-D.ymbk-sidrops-rpki-has-no-identity]
              Bush, R. and R. Housley, "The I in RPKI does not stand for
              Identity", Work in Progress, Internet-Draft, draft-ymbk-
              sidrops-rpki-has-no-identity-00, 16 March 2021,
              .

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

None.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][12]).

All the references to IANA registries have been clearly identified. The draft refers to following registries: SMI Security for S/MIME CMS Content Type registry, RPKI Signed Objects sub-registry, RPKI Repository Name Scheme registry, SMI Security for S/MIME registry, and Provisional Standard Media Type registry.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp78
[8]: https://www.rfc-editor.org/info/bcp79
[9]: https://www.ietf.org/tools/idnits/
[10]: https://www.rfc-editor.org/rfc/rfc3967.html
[11]: https://www.rfc-editor.org/info/bcp97
[12]: https://www.rfc-editor.org/rfc/rfc8126.html

None.

# Document Shepherd Writeup

This version is dated 30 April 2022.

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this writeup to give helpful context to Last Call and
Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in
completing it, is appreciated. The full role of the shepherd is further
described in [RFC 4858][2], and informally. You will need the cooperation of
authors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There has been a good consensus to progress the document.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

No.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

Section 8: Implementation Status records the status of known implementations of the protocol defined by this draft.

### Additional Reviews

5. Does this document need review from other IETF working groups or external
  organizations? Have those reviews occurred?

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

There are no mib/yang/etc. requirements in this document.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

There is no yang model here.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

### Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

The shepherd has read through the several versions and the document is in a good shape to progress further.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. Do any such issues remain that would merit specific
    attention from subsequent reviews?

None.

11. What type of RFC publication is being requested on the IETF stream (Best
    Current Practice, Proposed Standard, Internet Standard, Informational,
    Experimental, or Historic)? Why is this the proper type of RFC? Do all
    Datatracker state attributes correctly reflect this intent?

Proposed Standard.

12. Has the interested community confirmed that any and all appropriate IPR
    disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not,
    explain why. If yes, summarize any discussion and conclusion regarding the
    intellectual property rights (IPR) disclosures, including links to relevant
    emails.

Yes. Following IPR disclosures have been done so far:

https://mailarchive.ietf.org/arch/msg/sidrops/B9JCmW_WKtCHa4ydsOBRPizwHwU/

https://mailarchive.ietf.org/arch/msg/sidrops/N0G4bRSnp03F9qjyiq9bi8ftdHg/

https://mailarchive.ietf.org/arch/msg/sidrops/2448nMklLgl6aQpX4eaRG2VsQIQ/

13. Has each Author or Contributor confirmed their willingness to be listed as
    such? If the number of Authors/Editors on the front page is greater than 5,
    please provide a justification.

There are only 3 Authors listed on the document. All of them have confirmed their willingness to be listed as Authors.

14. Identify any remaining I-D nits in this document. (See [the idnits tool][9]
    and the checkbox items found in Guidelines to Authors of Internet-Drafts).
    Simply running the idnits tool is not enough; please review the entire
    guidelines document.

There are minor nits that needs to be cleaned up.

Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
    being 3 characters in excess of 72.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document date (12 February 2022) is 77 days in the past.  Is this
    intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

    (See RFCs 3967 and 4897 for information about using normative references
    to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC6268' is mentioned on line 172, but not defined

  -- Looks like a reference, but probably isn't: '0' on line 201

  -- Looks like a reference, but probably isn't: '1' on line 202

  == Missing Reference: 'RFC-TBD' is mentioned on line 433, but not defined


    Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 3 comments (--).

    Run idnits with the --verbose option for more detailed information about
    the items above.

15. Should any informative references be normative or vice-versa?

No.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

None.

17. Are there any normative downward references (see [RFC 3967][10],
    [BCP 97][11])? If so, list them.

No.

18. Are there normative references to documents that are not ready for
    advancement or are otherwise in an unclear state? If they exist, what is the
    plan for their completion?

Two references were found:

[I-D.ietf-sidrops-rpki-rta]
              Michaelson, G., Huston, G., Harrison, T., Bruijnzeels, T.,
              and M. Hoffmann, "A profile for Resource Tagged
              Attestations (RTAs)", Work in Progress, Internet-Draft,
              draft-ietf-sidrops-rpki-rta-00, 21 January 2021,
              .

[I-D.ymbk-sidrops-rpki-has-no-identity]
              Bush, R. and R. Housley, "The I in RPKI does not stand for
              Identity", Work in Progress, Internet-Draft, draft-ymbk-
              sidrops-rpki-has-no-identity-00, 16 March 2021,
              .

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

None.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][12]).

All the references to IANA registries have been clearly identified. The draft refers to following registries: SMI Security for S/MIME CMS Content Type registry, RPKI Signed Objects sub-registry, RPKI Repository Name Scheme registry, SMI Security for S/MIME registry, and Provisional Standard Media Type registry.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp78
[8]: https://www.rfc-editor.org/info/bcp79
[9]: https://www.ietf.org/tools/idnits/
[10]: https://www.rfc-editor.org/rfc/rfc3967.html
[11]: https://www.rfc-editor.org/info/bcp97
[12]: https://www.rfc-editor.org/rfc/rfc8126.html

None.

# Document Shepherd Writeup

This version is dated 30 April 2022.

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this writeup to give helpful context to Last Call and
Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in
completing it, is appreciated. The full role of the shepherd is further
described in [RFC 4858][2], and informally. You will need the cooperation of
authors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There has been a good consensus to progress the document.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

No.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

Section 8: Implementation Status records the status of known implementations of the protocol defined by this draft.

### Additional Reviews

5. Does this document need review from other IETF working groups or external
  organizations? Have those reviews occurred?

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

There are no mib/yang/etc. requirements in this document.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

There is no yang model here.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

### Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

The shepherd has read through the several versions and the document is in a good shape to progress further.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. Do any such issues remain that would merit specific
    attention from subsequent reviews?

None.

11. What type of RFC publication is being requested on the IETF stream (Best
    Current Practice, Proposed Standard, Internet Standard, Informational,
    Experimental, or Historic)? Why is this the proper type of RFC? Do all
    Datatracker state attributes correctly reflect this intent?

Proposed Standard.

12. Has the interested community confirmed that any and all appropriate IPR
    disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not,
    explain why. If yes, summarize any discussion and conclusion regarding the
    intellectual property rights (IPR) disclosures, including links to relevant
    emails.

Yes. Following IPR disclosures have been done so far:

https://mailarchive.ietf.org/arch/msg/sidrops/B9JCmW_WKtCHa4ydsOBRPizwHwU/

https://mailarchive.ietf.org/arch/msg/sidrops/N0G4bRSnp03F9qjyiq9bi8ftdHg/


13. Has each Author or Contributor confirmed their willingness to be listed as
    such? If the number of Authors/Editors on the front page is greater than 5,
    please provide a justification.

There are only 3 Authors listed on the document. All of them have confirmed their willingness to be listed as Authors.

14. Identify any remaining I-D nits in this document. (See [the idnits tool][9]
    and the checkbox items found in Guidelines to Authors of Internet-Drafts).
    Simply running the idnits tool is not enough; please review the entire
    guidelines document.

There are minor nits that needs to be cleaned up.

Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
    being 3 characters in excess of 72.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document date (12 February 2022) is 77 days in the past.  Is this
    intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

    (See RFCs 3967 and 4897 for information about using normative references
    to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC6268' is mentioned on line 172, but not defined

  -- Looks like a reference, but probably isn't: '0' on line 201

  -- Looks like a reference, but probably isn't: '1' on line 202

  == Missing Reference: 'RFC-TBD' is mentioned on line 433, but not defined


    Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 3 comments (--).

    Run idnits with the --verbose option for more detailed information about
    the items above.

15. Should any informative references be normative or vice-versa?

No.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

None.

17. Are there any normative downward references (see [RFC 3967][10],
    [BCP 97][11])? If so, list them.

No.

18. Are there normative references to documents that are not ready for
    advancement or are otherwise in an unclear state? If they exist, what is the
    plan for their completion?

Two references were found:

[I-D.ietf-sidrops-rpki-rta]
              Michaelson, G., Huston, G., Harrison, T., Bruijnzeels, T.,
              and M. Hoffmann, "A profile for Resource Tagged
              Attestations (RTAs)", Work in Progress, Internet-Draft,
              draft-ietf-sidrops-rpki-rta-00, 21 January 2021,
              .

[I-D.ymbk-sidrops-rpki-has-no-identity]
              Bush, R. and R. Housley, "The I in RPKI does not stand for
              Identity", Work in Progress, Internet-Draft, draft-ymbk-
              sidrops-rpki-has-no-identity-00, 16 March 2021,
              .

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

None.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][12]).

All the references to IANA registries have been clearly identified. The draft refers to following registries: SMI Security for S/MIME CMS Content Type registry, RPKI Signed Objects sub-registry, RPKI Repository Name Scheme registry, SMI Security for S/MIME registry, and Provisional Standard Media Type registry.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp78
[8]: https://www.rfc-editor.org/info/bcp79
[9]: https://www.ietf.org/tools/idnits/
[10]: https://www.rfc-editor.org/rfc/rfc3967.html
[11]: https://www.rfc-editor.org/info/bcp97
[12]: https://www.rfc-editor.org/rfc/rfc8126.html

None.

# Document Shepherd Writeup

This version is dated 30 April 2022.

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this writeup to give helpful context to Last Call and
Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in
completing it, is appreciated. The full role of the shepherd is further
described in [RFC 4858][2], and informally. You will need the cooperation of
authors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

No.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

None.

### Additional Reviews

5. Does this document need review from other IETF working groups or external
  organizations? Have those reviews occurred?

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

There are no mib/yang/etc. requirements in this document.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

There is no yang model here.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

### Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. Do any such issues remain that would merit specific
    attention from subsequent reviews?

None.

11. What type of RFC publication is being requested on the IETF stream (Best
    Current Practice, Proposed Standard, Internet Standard, Informational,
    Experimental, or Historic)? Why is this the proper type of RFC? Do all
    Datatracker state attributes correctly reflect this intent?

Proposed Standard.

12. Has the interested community confirmed that any and all appropriate IPR
    disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not,
    explain why. If yes, summarize any discussion and conclusion regarding the
    intellectual property rights (IPR) disclosures, including links to relevant
    emails.

13. Has each Author or Contributor confirmed their willingness to be listed as
    such? If the number of Authors/Editors on the front page is greater than 5,
    please provide a justification.

There are only 4 Authors listed on the document. All of them have confirmed their willingness to be listed as Authors.

14. Identify any remaining I-D nits in this document. (See [the idnits tool][9]
    and the checkbox items found in Guidelines to Authors of Internet-Drafts).
    Simply running the idnits tool is not enough; please review the entire
    guidelines document.

There are minor nits that needs to be cleaned up.

Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
    being 3 characters in excess of 72.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document date (12 February 2022) is 77 days in the past.  Is this
    intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

    (See RFCs 3967 and 4897 for information about using normative references
    to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC6268' is mentioned on line 172, but not defined

  -- Looks like a reference, but probably isn't: '0' on line 201

  -- Looks like a reference, but probably isn't: '1' on line 202

  == Missing Reference: 'RFC-TBD' is mentioned on line 433, but not defined


    Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 3 comments (--).

    Run idnits with the --verbose option for more detailed information about
    the items above.

15. Should any informative references be normative or vice-versa?

No.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

None.

17. Are there any normative downward references (see [RFC 3967][10],
    [BCP 97][11])? If so, list them.

No.

18. Are there normative references to documents that are not ready for
    advancement or are otherwise in an unclear state? If they exist, what is the
    plan for their completion?

Two references were found:

[I-D.ietf-sidrops-rpki-rta]
              Michaelson, G., Huston, G., Harrison, T., Bruijnzeels, T.,
              and M. Hoffmann, "A profile for Resource Tagged
              Attestations (RTAs)", Work in Progress, Internet-Draft,
              draft-ietf-sidrops-rpki-rta-00, 21 January 2021,
              .

[I-D.ymbk-sidrops-rpki-has-no-identity]
              Bush, R. and R. Housley, "The I in RPKI does not stand for
              Identity", Work in Progress, Internet-Draft, draft-ymbk-
              sidrops-rpki-has-no-identity-00, 16 March 2021,
              .

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

None.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][12]).

All the references to IANA registries have been clearly identified. The draft refers to following registries: SMI Security for S/MIME CMS Content Type registry, RPKI Signed Objects sub-registry, RPKI Repository Name Scheme registry, SMI Security for S/MIME registry, and Provisional Standard Media Type registry.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp78
[8]: https://www.rfc-editor.org/info/bcp79
[9]: https://www.ietf.org/tools/idnits/
[10]: https://www.rfc-editor.org/rfc/rfc3967.html
[11]: https://www.rfc-editor.org/info/bcp97
[12]: https://www.rfc-editor.org/rfc/rfc8126.html

None.