-07 published

draft-ietf-sidrops-rpki-has-no-identity.xml

@@ -11,7 +11,7 @@
 <?rfc tocindent="yes"?>
 <?rfc tocompact="yes"?>
 
-<rfc category="std" consensus="true" submissionType="IETF" docName="draft-ietf-sidrops-rpki-has-no-identity-06" ipr="trust200902">
+<rfc category="std" consensus="true" submissionType="IETF" docName="draft-ietf-sidrops-rpki-has-no-identity-07" ipr="trust200902">
 
 <front>
 
@@ -105,7 +105,8 @@
     the RPKI does not provide any association between INRs and the real
     world holder(s) of those INRs.  The RPKI provides authorization to
     make assertions only regarding Internet Number Resources, such as IP
-    prefixes or AS numbers, and data such as ASPA records.</t>
+    prefixes or AS numbers, and data such as ASPA <xref
+    target="I-D.ietf-sidrops-aspa-profile"/>records.</t>
 
     <t>In short, avoid the desire to use RPKI certificates for any
     purpose other than the verification of authorizations associated
@@ -135,11 +136,11 @@
 
     <t>That is, RPKI-based credentials of INRs MUST NOT be used to
     authenticate real-world documents or transactions.  That might be
-    done with some formal external authentication of authority for an
+    done with some formal external authentication of authority allowing
-    otherwise anonymous INR holder to authenticate the particular
+    an otherwise anonymous INR holder to authenticate the particular
     document or transaction.  Given such external, i.e. non-RPKI,
-    verification of authority, the use of RPKI-based credentials seems
+    verification of authority, the use of RPKI-based credentials adds no
-    superfluous.</t>
+    authenticity.</t>
   
     </section>
 
@@ -217,7 +218,8 @@
   <section anchor="security" title="Security Considerations">
 
     <t>Attempts to use RPKI data to authenticate real-world documents or
-    other artifacts requiring identity are invalid and misleading.</t>
+    other artifacts requiring identity, while possibly cryptographically
+    valid within the RPKI, are misleading as to any authenticity.</t>
 
     <t>When a document is signed with the private key associated with an
     RPKI certificate, the signer is speaking for the INRs, the IP
@@ -257,8 +259,8 @@
 
     <t>The authors thank George Michaelson and Job Snijders for lively
     discussion, Geoff Huston for some more formal text, Ties de Kock for
-    useful suggestions, and last but not least, Biff for the loan of
+    useful suggestions, many directorate and IESG reviewers, and last
-    Bill's Bait and Sushi.</t>
+    but not least, Biff for the loan of Bill's Bait and Sushi.</t>
     
     </section>
 
@@ -280,6 +282,7 @@
     <?rfc include="reference.RFC.6493.xml"?>
     <?rfc include="reference.I-D.ietf-sidrops-rpki-rsc.xml"?>
     <?rfc include="reference.I-D.ietf-sidrops-rpki-rta.xml"?>
+    <?rfc include="reference.I-D.ietf-sidrops-aspa-profile.xml"?>
     </references>
     
   </back>