Custom Query (3 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Ticket Resolution Summary Owner Reporter
#1 fixed Nit Report gih@… gih@…
Description

Quoting form the document, section 8.5:

If there exist files listed on the manifest that do not appear in the repository, then these objects are likely to have been improperly (via malice or accident) deleted from the manifest.

That really should read "... deleted from the repository.", right?

Cheers, Robert

#4 wontfix Nit Report - ROA Format gih@…
Description

the only comment I have is that I'd prefer to see a preference order in validation (section 3) to help relying party S/W writers to make efficient choices in the validation path - but that isn't a stopping block for me.

Cheers Terry

#9 invalid TA nits gih@…
Description

Reported by Roque Gagliano

2.1. A Compound Trust Anchor Structure

The ETA issues a CRL and one EE certificate.

(Roque) I believe it needs to be explained that more than one ETA EE cert may be issued during the life-time of the ETA CA however at any particular moment there is only one valid EE cert.

4.2. RPKI Trust Anchor Object Validation

  1. Use the public key in the EE certificate to verify the

signature on the RTA Trust Anchor Object.

(Roque) s/EE certificate/ETA EE certificate

  • Each time an RTA certificate is re-issued, or prior to the

expiration of the ETA EE certificate, the ETA generates a Cryptographic Message Syntax (CMS) [RFC3852] signed-data object, the payload of which is an RTA certificate.

(Roque) If the ETA EE cert validity period is identical to the RTA validity period as stated in a previous bullet, the second condition ("prior to the expiration of the ETA EE certificate") would be the same as in the following section: "If a trust anchor chooses to reissue its RTA certificate before the expiration of that certificate."

  1. Relying Party use of Trust Anchor Material
  • The ETA's CRL and CMS objects are retrieved from the

publication point referenced by the SIA in the ETA certificate.

(Roque) s/CMS objects/CMS object

Relying Parties SHOULD perform this retrieval and validation

operation at intervals no less frequent than the nextUpdate time of the published ETA CRL, and SHOULD perform the retrieval operation prior to the expiration of the ETA EE certificate, or upon revocation of the ETA EE certificate.

(Roque) If the retrieval operation is for both the CRL and the CMS, I do not understand the last sentence because the RP is not aware of the revocation until it has retrieve the CRL and in at that time it already has the new CMS. So, I would:

s/, or upon revocation of the ETA EE certificate

Note: See TracQuery for help on using queries.