From f0d6a236646b459f8a4552c9234443cf514ba7a6 Mon Sep 17 00:00:00 2001 From: Randy Bush Date: Mon, 25 Apr 2022 14:31:41 -0700 Subject: [PATCH] -07 published --- draft-ietf-sidrops-rpki-has-no-identity.xml | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/draft-ietf-sidrops-rpki-has-no-identity.xml b/draft-ietf-sidrops-rpki-has-no-identity.xml index 8ed06ac..24ef083 100644 --- a/draft-ietf-sidrops-rpki-has-no-identity.xml +++ b/draft-ietf-sidrops-rpki-has-no-identity.xml @@ -11,7 +11,7 @@ - + @@ -105,7 +105,8 @@ the RPKI does not provide any association between INRs and the real world holder(s) of those INRs. The RPKI provides authorization to make assertions only regarding Internet Number Resources, such as IP - prefixes or AS numbers, and data such as ASPA records. + prefixes or AS numbers, and data such as ASPA records. In short, avoid the desire to use RPKI certificates for any purpose other than the verification of authorizations associated @@ -135,11 +136,11 @@ That is, RPKI-based credentials of INRs MUST NOT be used to authenticate real-world documents or transactions. That might be - done with some formal external authentication of authority for an - otherwise anonymous INR holder to authenticate the particular + done with some formal external authentication of authority allowing + an otherwise anonymous INR holder to authenticate the particular document or transaction. Given such external, i.e. non-RPKI, - verification of authority, the use of RPKI-based credentials seems - superfluous. + verification of authority, the use of RPKI-based credentials adds no + authenticity. @@ -217,7 +218,8 @@
Attempts to use RPKI data to authenticate real-world documents or - other artifacts requiring identity are invalid and misleading. + other artifacts requiring identity, while possibly cryptographically + valid within the RPKI, are misleading as to any authenticity. When a document is signed with the private key associated with an RPKI certificate, the signer is speaking for the INRs, the IP @@ -257,8 +259,8 @@ The authors thank George Michaelson and Job Snijders for lively discussion, Geoff Huston for some more formal text, Ties de Kock for - useful suggestions, and last but not least, Biff for the loan of - Bill's Bait and Sushi. + useful suggestions, many directorate and IESG reviewers, and last + but not least, Biff for the loan of Bill's Bait and Sushi.
@@ -280,6 +282,7 @@ +
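Review bot: in the @@ -105,7 hunk the `+` line reads identically to the `-` line it replaces ("prefixes or AS numbers, and data such as ASPA records."), so that pair appears to be a whitespace-only change; the header (-105,7 +105,8) shows one net added line, and its text is not visible here. If the added material is the point of this hunk, it would help the reader for the commit message to say so, since "-07 published" describes the event rather than the edit.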
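Review bot: in the @@ -135,11 hunk the replacement of "seems superfluous" with "adds no authenticity" is the stronger and more accurate statement, but the surrounding sentence now uses "authentication of authority" and "authenticate the particular document" for two different things: establishing who the INR holder is, and that holder then vouching for a document. Consider keeping them distinct, e.g. "external verification of the holder's identity and authority, allowing an otherwise anonymous INR holder to attest to the particular document or transaction", and add a comma after "i.e." ("i.e., non-RPKI").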
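Review bot: in the @@ -217,7 hunk, "are misleading as to any authenticity" leaves open which authenticity is meant, which is the very distinction this edit introduces: the signature may be cryptographically valid (the key really does speak for the INRs, as the next sentence says), and what is missing is real-world identity. Suggest stating that directly, e.g. "while possibly cryptographically valid within the RPKI, provide no assurance of the real-world identity of the signer", so the sentence does not appear to weaken the MUST NOT given earlier in the document.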