Reviewer: Tim Hollebeek Review result: Has Nits The document is extremely well written ... I didn't find too much to comment on, despite looking pretty closely at the key management and signing aspects. I just have two nits: (1) The following paragraph appears twice in the document (looks like just a copy/paste error when moving stuff around): "Identifying the private key associated with the certificate and getting the department that controls the private key (which might be stored in a Hardware Security Module (HSM)) to generate the CMS signature is left as an exercise for the implementor. On the other hand, verifying the signature has no similar complexity; the certificate, which is validated in the public RPKI, contains the needed public key." (2) Section 6, paragraph 5: is this intended to be a RFC 2119 "MAY"? If so, capitalize. If not, avoid the word. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call