[Acme] Opsdir last call review of draft-ietf-acme-integrations-12
Bo Wu via Datatracker <noreply@ietf.org> Fri, 20 January 2023 09:54 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: acme@ietf.org
Delivered-To: acme@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 17114C15155C; Fri, 20 Jan 2023 01:54:37 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Bo Wu via Datatracker <noreply@ietf.org>
To: ops-dir@ietf.org
Cc: acme@ietf.org, draft-ietf-acme-integrations.all@ietf.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 9.6.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <167420847708.3508.5254633096572743730@ietfa.amsl.com>
Reply-To: Bo Wu <lana.wubo@huawei.com>
Date: Fri, 20 Jan 2023 01:54:37 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/KoVAn4FwrZYSy94EuHaUbLYKzyU>
Subject: [Acme] Opsdir last call review of draft-ietf-acme-integrations-12
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jan 2023 09:54:37 -0000
Reviewer: Bo Wu Review result: Has Nits Hi, I am the assigned ops reviewer for this draft. This draft is an Informational draft, which defines the integration of ACME with EST, Brisk, and TEEP for automatic certificate enrollment for devices. It would be clearer if the draft title matchs the content,e.g. ACME integration for device certificate enrollment. Nits: 1) In Section 6, s/enrol/enroll After establishing the outer TLS tunnel, the TEAP server instructs the client to enrol for a certificate by sending a PKCS#10 TLV in the body of a Request-Action TLV. 2) In Section 9, s/the the/the An attacker that has access to them, can provision their own certificates into the the name space of the entity. Thanks, Bo
- [Acme] Opsdir last call review of draft-ietf-acme… Bo Wu via Datatracker