[Acme] Review of draft-sipos-acme-dtnnodeid-01

Russ Housley <housley@vigilsec.com> Wed, 05 August 2020 16:50 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3E8E43A0CE6 for <acme@ietfa.amsl.com>; Wed, 5 Aug 2020 09:50:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id uKv7jaYWaL5b for <acme@ietfa.amsl.com>; Wed, 5 Aug 2020 09:50:25 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F00FF3A0CE3 for <acme@ietf.org>; Wed, 5 Aug 2020 09:50:24 -0700 (PDT)
Received: from localhost (localhost []) by mail.smeinc.net (Postfix) with ESMTP id 5FE5C300B04 for <acme@ietf.org>; Wed, 5 Aug 2020 12:50:22 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([]) by localhost (mail.smeinc.net []) (amavisd-new, port 10026) with ESMTP id hBs_1YQcDv6K for <acme@ietf.org>; Wed, 5 Aug 2020 12:50:20 -0400 (EDT)
Received: from [] (pool-141-156-161-153.washdc.fios.verizon.net []) by mail.smeinc.net (Postfix) with ESMTPSA id DBE3B300AA4 for <acme@ietf.org>; Wed, 5 Aug 2020 12:50:20 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.15\))
Message-Id: <D0F78E90-1CCE-4E0B-A49C-5899A2FA233C@vigilsec.com>
Date: Wed, 05 Aug 2020 12:50:20 -0400
To: IETF ACME <acme@ietf.org>
X-Mailer: Apple Mail (2.3445.104.15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/JiLHys9wikPgUL88FtFQgf6FeZE>
Subject: [Acme] Review of draft-sipos-acme-dtnnodeid-01
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2020 16:50:26 -0000

Document: draft-sipos-acme-dtnnodeid-01
Reviewer: Russ Housley
Date: 2020-08-05

Major Concern:

Section 1: I think that this ACME enrollment mechanism is limited to
"dtn" and "ipn" URIs.  Please say so at the very front of the document.

Section 1: the description stops with the ACME server receiving the
Response Bundle and checking the signature in it.  It should go on and
describe the delivery of the certificate to the DTN node.

Minor Concerns:

Abstract: I find the wording very confusing.  The Introduction makes it
clear that the certificate Subject Alternative Name (SAN) will hold a
Uniform Resource Identifier (URI) that represents the Node ID of a
Delay-Tolerant Networking (DTN) Node.  Please provide the same clarity
in the Abstract.


Section 1: please expand "BP" on first use.

The title for Section 3 is "URI Identifier".  I hope you can find a less
redundant way to start this section.

Section 4 includes "... but SHOULD be no shorter than one second."
Please reword as a SHOULD NOT statement.

Section 4 includes "... but SHOULD be no longer than one minute ..."
Again, please reword as a SHOULD NOT statement.


Once the Major Concerns are addressed, I have no objection to the
ACME WG adopting this I-D.