Last Call Review of draft-ietf-sidr-rpki-algs-
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
This document describes the algorithm suite used as part of the RPKI. The suite specifies a single signature algorithm (RSA) with a single key size, a single hashing algorithm (SHA-256), a single signature format, and formats for describing the public key. Section 5 indicates that this profile will be updated when the RPKI needs to adopt different choices. I was glad to see such an algorithm agility plan, but this implies that it will in fact never have a peer document describing another profile. In such a case I would expect the document title to be more inclusive (e.g., drop the first three words of the title). Alternatively, it might be helpful to describe in Section 5 under what circumstances another profile would be published instead of updating this one.
The Security Considerations section refers the reader to the security considerations described in several other documents. After reading those sections, I agree this is appropriate.
Security Standards and Technology, SRTG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew at cisco.com