Looking some more at this, I would not want to try and troubleshoot this protocol with such a limited range of error messages. Not something I am likely to be doing but were I to, I would like to see an indication of the nature of the error (eg in attribute, element, certificate) and where the error was found (the relevant name) and for authentication errors, well, look at the certificate related TLS Alerts which suggest to me the level of detail that has found to be needed in at least some quarters. And bear in mind that you are making no recommendation about most of the certificate options, just that you expect them to be the usual ones:-) As it is, I would not know where to place most errors into the three possibilities provided. Tom Petch ----- Original Message ----- From: "Rob Austein" <sra@xxxxxxxxxx> To: "tom p." <daedulus@xxxxxxxxxxxxx> Cc: "Chris Morrow" <morrowc@xxxxxxxxxxxxxx>; <sidr-chairs@xxxxxxxx>; <ietf@xxxxxxxx>; <draft-ietf-sidr-rpki-oob-setup@xxxxxxxx>; <sidr@xxxxxxxx> Sent: Thursday, December 29, 2016 11:15 PM Subject: Re: [sidr] Last Call: <draft-ietf-sidr-rpki-oob-setup-04.txt> (An Out-Of-Band Setup Protocol For RPKI Production Services) to Proposed Standard > At Wed, 28 Dec 2016 10:55:15 +0000, tom p. wrote: > > > > When I saw BPKI in the Abstract, I thought 'typo'! Reading on, it > > isn't; in which case, it needs expanding in the Abstract. > > > > Appendix A is in RelaxNG; I would like a reference for that language. > > > > Is Appendix A Normative? i.e. in the event of a mismatch between the > > body of the I-D and Appendix A, which wins? If Appendix A, then that > > reference should be Normative. > > Thanks for the review! I agree with all of the above, will post > revisions post-LC unless there is reason to update sooner. > > Yes, I think the RelaxNG schema had best be normative. We already > found and fixed one minor disagreement between text and schema; > unsurprisingly, running code in that case agreed with the schema. > > _______________________________________________ > sidr mailing list > sidr@xxxxxxxx > https://www.ietf.org/mailman/listinfo/sidr