Re: [Acme] AD Review of draft-ietf-acme-email-smime-07

Alexey Melnikov <alexey.melnikov@isode.com> Tue, 16 June 2020 15:37 UTC

From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Roman Danyliw <rdd@cert.org>, IETF ACME <acme@ietf.org>
References: <8ecce2820f344c34a124bffa95bd20b6@cert.org>
Message-ID: <1467f346-8c44-ef41-8b60-b57fde1102a1@isode.com>
Date: Tue, 16 Jun 2020 16:37:30 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/F8AWqo63MotNEgB75u7OB0U-Fas>

Hi Roman,

On 22/05/2020 15:54, Roman Danyliw wrote:
> ** Section 6.
>
> -- Recommend explicitly naming the registries being updated
> -- Per the challenge type, all of the fields in the registry aren't described here
> -- Per the challenge type, the text in Section 3 says that the challenge type is "email-reply-00" (not "email-reply" as described here)
>
> I recommend something like the following:
> NEW:
> 6.1.  Identifier Type
>
> Per this document, a new type has been added to the "ACME Identifier Types" registry defined in Section 9.7.7 of [RFC8555] with Label "email" and a Reference to this document.
>
> 6.2.  Challenge Types
>
> Per this document, a new entry has been added to the "ACME Validation Methods" registry defined in Section 9.7.8 of [RFC8555].  This entry is as follows:
>
>             +----------------+-----------------+------+---------------+
>             | Label          | Identifier Type | ACME | Reference     |
>             +================+=================+======+===============+
>             | email-reply-00 | email           | Y    | This document |
>             +----------------+-----------------+------+---------------+
Thank you for this. I've used some of your suggested text and kept some of mine, where I think it was important.
> ** Section 7.  Per "Any claims about the correctness or fitness-for-purpose of the email address must be otherwise assured", I don't follow the intent of this text.  For example, what is the "correctness ... of the email address"?  What is meant by "assurances"?

This was based on feedback from one of the reviewers. It is basically saying that issued ACME certificates don't vouch for anything other than "this email seems to belong to the entity that requested it". Does this make sense?

Best Regards,

Alexey