[Acme] Opsdir last call review of draft-ietf-acme-integrations-12

Bo Wu via Datatracker <noreply@ietf.org> Fri, 20 January 2023 09:54 UTC

Reviewer: Bo Wu
Review result: Has Nits

Hi,

I am the assigned ops reviewer for this draft.

This draft is an Informational draft, which defines the integration of ACME
with EST, BRSKI, and TEEP for automatic certificate enrollment for devices.

It would be clearer if the draft title matches the content, e.g. ACME integration
for device certificate enrollment.

Nits:

1) In Section 6, s/enrol/enroll
After establishing the outer TLS tunnel, the TEAP server instructs the client
to enrol for a certificate by sending a PKCS#10 TLV in the body of a
Request-Action TLV.

2) In Section 9, s/the the/the
An attacker that has access to them, can provision their own certificates into
the the name space of the entity.

Thanks,
Bo