[Acme] Lars Eggert's Discuss on draft-ietf-acme-star-delegation-07: (with DISCUSS and COMMENT)
Lars Eggert via Datatracker <noreply@ietf.org> Tue, 06 April 2021 12:41 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: acme@ietf.org
Delivered-To: acme@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C4C663A1FD3; Tue, 6 Apr 2021 05:41:14 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Lars Eggert via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-acme-star-delegation@ietf.org, acme-chairs@ietf.org, acme@ietf.org, ynir.ietf@gmail.com, rsalz@akamai.com, rsalz@akamai.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.27.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Lars Eggert <lars@eggert.org>
Message-ID: <161771287425.20330.2738462670630109181@ietfa.amsl.com>
Date: Tue, 06 Apr 2021 05:41:14 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/6YtXENfRJMHDzpYvwcYswgk0rjk>
Subject: [Acme] Lars Eggert's Discuss on draft-ietf-acme-star-delegation-07: (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Apr 2021 12:41:15 -0000
Lars Eggert has entered the following ballot position for draft-ietf-acme-star-delegation-07: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-acme-star-delegation/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Section 5.1, paragraph 4, discuss: > This document requests that IANA create the following new registry > under the Automated Certificate Management Environment (ACME) > Protocol: > > * ACME Identifier Object Fields > > This registry is administered under a Specification Required policy > [RFC8126]. RFC8126 strongly suggests that guidance needs to be given to expert reviewers that are supposed to review and approve requests for "Expert Review" and "Specification Required" registries. This guidance is missing here. What's also missing are designated contact persons and a change controller. Section 5.6, paragraph 2, discuss: > 5.6. CSR Template Extensions > > IANA is requested to establish a registry "STAR Delegation CSR > Template Extensions", with "Expert Review" as its registration > procedure. Same as above. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 1, paragraph 8, comment: > We note that other ongoing efforts address the problem of certificate > delegation for TLS connections, specifically [I-D.ietf-tls-subcerts] > and [I-D.mglt-lurk-tls13]. Compared to these other solutions, the > current document does not introduce additional latency to the TLS > connection, nor does it require changes to the TLS network stack of > either the client or the server. This paragraph should probably be removed upon publication as an RFC? ------------------------------------------------------------------------------- All comments below are very minor change suggestions that you may choose to incorporate in some way (or ignore), as you see fit. There is no need to let me know what you did with these suggestions. Section 3.1, paragraph 10, nit: - e.g. by restricting field lengths. In this regard, note that a + e.g., by restricting field lengths. In this regard, note that a + + Section 4.1, paragraph 3, nit: - This section uses specifically CDNI terminology, e.g. "uCDN" and + This section uses specifically CDNI terminology, e.g., "uCDN" and + + Section 4.1.2.1, paragraph 5, nit: - Unlike HTTP based redirection, where the original URL is supplanted - ^ + Unlike HTTP-based redirection, where the original URL is supplanted + ^
- [Acme] Lars Eggert's Discuss on draft-ietf-acme-s… Lars Eggert via Datatracker
- Re: [Acme] Lars Eggert's Discuss on draft-ietf-ac… Yaron Sheffer