[Acme] Secdir last call review of draft-ietf-acme-authority-token-tnauthlist-07
Nancy Cam-Winget via Datatracker <noreply@ietf.org> Thu, 25 March 2021 22:22 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: acme@ietf.org
Delivered-To: acme@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A41C43A0C5B; Thu, 25 Mar 2021 15:22:51 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Nancy Cam-Winget via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: acme@ietf.org, draft-ietf-acme-authority-token-tnauthlist.all@ietf.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.27.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <161671097161.19931.2101173557579231370@ietfa.amsl.com>
Reply-To: Nancy Cam-Winget <ncamwing@cisco.com>
Date: Thu, 25 Mar 2021 15:22:51 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/EGQ12q620gUjjQc6hilKg-6pDhY>
Subject: [Acme] Secdir last call review of draft-ietf-acme-authority-token-tnauthlist-07
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Mar 2021 22:22:52 -0000
Reviewer: Nancy Cam-Winget Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes the extensions to ACME to allow for a third party Token Authority also act as the authority and authorization of entities to control a resource; the use case and motivating scenario described in the draft is for a telephone authority to be the authority for creating CA types of certificates for (STIR) delegation. The document assumes full knowledge of a set of drafts and is straightforward. I only have a couple of nits but otherwise I think it is ready. NITs: Section 5.2: the "exp" claim is mute on SHOULD vs MUST, it seems that you would want to have such a claim so minimally a SHOULD? Section 5.3: is this optional, may or must? Section 5.4: personal nit, the section should specify this claim to be a MUST, it is implicitly stated but would prefer it to be explicit. Section 6: -I presume that "verify the atc field" is actually verifying that the TNAuthList token is valid?
- [Acme] Secdir last call review of draft-ietf-acme… Nancy Cam-Winget via Datatracker
- Re: [Acme] Secdir last call review of draft-ietf-… Chris Wendt