tim:

> (1) The following paragraph appears twice in the document (looks like just a
> copy/paste error when moving stuff around):
>
> "Identifying the private key associated with the certificate and
> getting the department that controls the private key (which might be
> stored in a Hardware Security Module (HSM)) to generate the CMS
> signature is left as an exercise for the implementor. On the other
> hand, verifying the signature has no similar complexity; the
> certificate, which is validated in the public RPKI, contains the
> needed public key."

someone caught this the other day, and it has already been fixed in my
emacs buffer. good catch anyway; full credit.

> (2) Section 6, paragraph 5: is this intended to be a RFC 2119 "MAY"? If so,
> capitalize. If not, avoid the word.

took me a moment. i think it is para 6, this one, yes?

   It is good key hygiene to use a given key for only one purpose. To
   dedicate a signing private key for signing a geofeed file, an RPKI
   Certification Authority (CA) may issue a subordinate certificate
   exclusively for the purpose shown in Appendix A.

that 'may' should probably be 2119ed. russ, opinion?

aside: i hope that 2119 gives meaning to the CAPITALIZED forms, and does
not remove the uncapitalized forms from the american/english language.

again, thanks for the review. they're hard to get.

randy

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call