Yes, that's the correct paragraph I was referring to.

Unfortunately, RFC 2119 does actually imply that these words can't be used in non-2119 ways: "In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents."

I would also prefer it if the uncapitalized versions retained their original English meanings, but these sentences from 2119 are why I recommend avoiding such usages. It is often quite awkward, for example when you're stating mathematical truths instead of requirements (a sentence like "If a number does not have any factors less than its square root other than one, then the number must be prime" should never be followed with "how do you audit that?" But it has happened).

-Tim

> -----Original Message-----
> From: secdir <secdir-bounces@xxxxxxxx> On Behalf Of Randy Bush
> Sent: Friday, January 26, 2024 4:42 PM
> To: Tim Hollebeek via Datatracker <noreply@xxxxxxxx>
> Cc: secdir@xxxxxxxx; draft-ietf-opsawg-9092-update.all@xxxxxxxx;
> last-call@xxxxxxxx; opsawg@xxxxxxxx
> Subject: Re: [secdir] Secdir last call review of
> draft-ietf-opsawg-9092-update-09
>
> tim:
>
> > (1) The following paragraph appears twice in the document (looks like
> > just a copy/paste error when moving stuff around):
> >
> > "Identifying the private key associated with the certificate and
> > getting the department that controls the private key (which might be
> > stored in a Hardware Security Module (HSM)) to generate the CMS
> > signature is left as an exercise for the implementor. On the other
> > hand, verifying the signature has no similar complexity; the
> > certificate, which is validated in the public RPKI, contains the
> > needed public key."
>
> someone caught this the other day, and it has already been fixed in my emacs
> buffer. good catch anyway; full credit.
>
> > (2) Section 6, paragraph 5: is this intended to be a RFC 2119 "MAY"?
> > If so, capitalize. If not, avoid the word.
>
> took me a moment. i think it is para 6, this one, yes?
>
>    It is good key hygiene to use a given key for only one purpose. To
>    dedicate a signing private key for signing a geofeed file, an RPKI
>    Certification Authority (CA) may issue a subordinate certificate
>    exclusively for the purpose shown in Appendix A.
>
> that 'may' should probably be 2119ed. russ, opinion?
>
> aside: i hope that 2119 gives meaning to the CAPITALIZED forms, and does not
> remove the uncapitalized forms from the american/english language.
>
> again, thanks for the review. they're hard to get.
>
> randy
>
> _______________________________________________
> secdir mailing list
> secdir@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: https://wiki.ietf.org/group/secdir/SecDirReview