[Acme] Comments on draft-ietf-acme-integrations

Russ Housley <housley@vigilsec.com> Mon, 02 August 2021 19:20 UTC

From: Russ Housley <housley@vigilsec.com>
Message-Id: <714EEEBA-E253-4F9E-B819-35514E083132@vigilsec.com>
Date: Mon, 02 Aug 2021 15:20:12 -0400
To: IETF ACME <acme@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/Jezh8e90YYVGFnH8AJjzQd17bYY>
Subject: [Acme] Comments on draft-ietf-acme-integrations

During the IETF 111 session, I agreed to review draft-ietf-acme-integrations.  I have a few comments.

MAJOR:

Sections 3, 4, 5, and 7.2 seem to have a misunderstanding of EST CSR Attrs, which were recently explained by Dan Harkins on the LAMPS WG mail list:

	https://mailarchive.ietf.org/arch/msg/spasm/Rr2H6WNEKeRphQ065sEoQ0rGTac/

Dan says, "The intent of the CSR Attrs request is for the RA to ask the client to construct the CSR in some particular way."

This portion of all of these sections needs to be reconciled with this understanding of EST CSR Attrs. In fact, BRSKI (RFC 8995) will probably need to be updated to reconcile the specifications.

EDITORIAL:

Section 1, first para: please add a reference to RFC 5280 after "X.509 (PKIX) certificate".

Section 1, last para: s/certificate authority/certification authority (CA)/

Section 2: For CMC, please add a reference to RFC 5272, RFC 5273, RFC 5274 and RFC 6402.
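To make concrete what Dan's description of CSR Attrs implies for a client, here is an added example in Go. It is not part of Russ's message, of the draft, or of any EST implementation: a constructed CsrAttrs body that asks for an EC key on secp384r1 and an ecdsa-with-SHA384 signature, the client-side parser that turns it into constraints, a CSR builder that honours them, and the check an RA would run on the submitted CSR. The OIDs are the ones used in the RFC 7030 section 4.5.2 example; the sample bytes, the function names and the name "device.example" are this example's own assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/asn1"
	"fmt"
)

// OIDs from the CsrAttrs example in RFC 7030 section 4.5.2, plus a CsrAttrs body constructed
// here (not fetched from any EST server) that decodes as
// SEQUENCE { Attribute{ ecPublicKey, SET{ secp384r1 } }, ecdsa-with-SHA384 }.
var (
	oidEcPublicKey     = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
	oidSecp384r1       = asn1.ObjectIdentifier{1, 3, 132, 0, 34}
	oidEcdsaWithSHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3}
	SampleCsrAttrs     = []byte("\x30\x1e\x30\x12\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x31\x07\x06\x05" +
		"\x2b\x81\x04\x00\x22\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03")
)

// attribute is the RFC 7030 Attribute; values are typed as OIDs since only ecPublicKey (value: a curve OID) is accepted.
type attribute struct {
	Type   asn1.ObjectIdentifier
	Values []asn1.ObjectIdentifier `asn1:"set"`
}

// CsrConstraints is what the client takes away from a CsrAttrs response.
type CsrConstraints struct {
	Curve  elliptic.Curve          // client default unless the RA names one
	SigAlg x509.SignatureAlgorithm // Unknown when the RA named none
}

// ParseCsrAttrs reads the SEQUENCE OF AttrOrOID; anything it cannot honour is an error, not a guess.
func ParseCsrAttrs(der []byte) (CsrConstraints, error) {
	c := CsrConstraints{Curve: elliptic.P256()}
	var items []asn1.RawValue
	if rest, err := asn1.Unmarshal(der, &items); err != nil || len(rest) != 0 {
		return c, fmt.Errorf("malformed CsrAttrs: %v (%d trailing bytes)", err, len(rest))
	}
	for _, it := range items {
		switch {
		case it.Class == asn1.ClassUniversal && it.Tag == asn1.TagOID: // bare OID: here, the signing algorithm
			var oid asn1.ObjectIdentifier
			if _, err := asn1.Unmarshal(it.FullBytes, &oid); err != nil {
				return c, err
			}
			if !oid.Equal(oidEcdsaWithSHA384) {
				return c, fmt.Errorf("cannot honour requested OID %v", oid)
			}
			c.SigAlg = x509.ECDSAWithSHA384
		case it.Class == asn1.ClassUniversal && it.Tag == asn1.TagSequence: // Attribute{type, SET OF value}
			var a attribute
			if _, err := asn1.Unmarshal(it.FullBytes, &a); err != nil || !a.Type.Equal(oidEcPublicKey) || len(a.Values) != 1 {
				return c, fmt.Errorf("cannot honour attribute %x", it.FullBytes)
			}
			if !a.Values[0].Equal(oidSecp384r1) {
				return c, fmt.Errorf("cannot honour curve %v", a.Values[0])
			}
			c.Curve = elliptic.P384()
		default:
			return c, fmt.Errorf("unexpected element (class %d, tag %d)", it.Class, it.Tag)
		}
	}
	return c, nil
}

// BuildCSR generates a key on the requested curve and signs the CSR with the requested algorithm.
func BuildCSR(c CsrConstraints, dnsName string) (*x509.CertificateRequest, error) {
	key, err := ecdsa.GenerateKey(c.Curve, rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{DNSNames: []string{dnsName}, SignatureAlgorithm: c.SigAlg}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificateRequest(der) // ParseCertificateRequest does not verify the signature
}

// Satisfies is the check the RA runs on a submitted CSR (and the client before submitting).
func Satisfies(csr *x509.CertificateRequest, c CsrConstraints) error {
	if err := csr.CheckSignature(); err != nil { // proof of possession of the private key
		return err
	}
	pub, ok := csr.PublicKey.(*ecdsa.PublicKey)
	if !ok || pub.Curve.Params().Name != c.Curve.Params().Name {
		return fmt.Errorf("public key is not on %s", c.Curve.Params().Name)
	}
	if c.SigAlg != x509.UnknownSignatureAlgorithm && csr.SignatureAlgorithm != c.SigAlg {
		return fmt.Errorf("signed with %v, RA asked for %v", csr.SignatureAlgorithm, c.SigAlg)
	}
	return nil
}

func main() {
	c, err := ParseCsrAttrs(SampleCsrAttrs)
	csr, err2 := BuildCSR(c, "device.example")
	fmt.Println("parse:", err, "build:", err2, "honours CsrAttrs:", err == nil && err2 == nil && Satisfies(csr, c) == nil)
}
```

Two design choices worth noting. The parser refuses any element it cannot act on instead of skipping it, so a CsrAttrs that also lists challengePassword and extensionRequest (as the full RFC 7030 example does) is rejected here rather than silently half-honoured; a real client needs a CSR library that can emit arbitrary PKCS#9 attributes, which crypto/x509 cannot. And Satisfies verifies the CSR signature itself, because ParseCertificateRequest only decodes it.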