[Acme] Barry Leiba's No Objection on draft-ietf-acme-ip-06: (with COMMENT)

Barry Leiba via Datatracker <noreply@ietf.org> Thu, 26 September 2019 22:23 UTC

From: Barry Leiba via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-acme-ip@ietf.org, Daniel McCarney <cpu@letsencrypt.org>, acme-chairs@ietf.org, cpu@letsencrypt.org, acme@ietf.org
Reply-To: Barry Leiba <barryleiba@computer.org>
Message-ID: <156953661255.10377.12261753673776528622.idtracker@ietfa.amsl.com>
Date: Thu, 26 Sep 2019 15:23:32 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/N-YP-34-mVjeVp24PjbOupFNWZg>
Subject: [Acme] Barry Leiba's No Objection on draft-ietf-acme-ip-06: (with COMMENT)

Barry Leiba has entered the following ballot position for
draft-ietf-acme-ip-06: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-acme-ip/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I have only editorial comments below.  No response is needed — please just
consider incorporating these, as I think they’ll help make the document clearer.

— Introduction —

   The Automatic Certificate Management Environment (ACME) [RFC8555]
   only defines challenges for validating control of DNS host name
   identifiers which limits its use to being used for issuing
   certificates for DNS identifiers.

This needs a comma before “which”.

— Section 2 —
Please use the new BCP 14 boilerplate and references (see RFC 8174).

— Section 3 —

   [RFC8555] only defines the identifier type "dns" which is used to
   refer to fully qualified domain names.

Similarly: needs a comma before “which”.

— Section 4 —

   IP identifiers MAY be used with the existing "http-01" and "tls-alpn-
   01" challenges from [RFC8555] Section 8.3 and
   [I-D.ietf-acme-tls-alpn] Section 3 respectively.

This is OK as it is, so take this or leave it as you will, but to my eyes the
citations are needlessly separated from their anchors.  I would re-order it
this way:

NEW
   IP identifiers MAY be used with the existing challenges
   "http-01" (see Section 8.3 of [RFC8555]) and "tls-alpn-01"
   (see Section 3 of [I-D.ietf-acme-tls-alpn]).
END

— Section 5 —

   The textual form of
   this address MUST be those defined in [RFC1123] Section 2.1 for IPv4
   and in [RFC5952] Section 4 for IPv6.

The subject is singular, so “those” doesn’t work.  An easy fix is to use “as
defined”.

— Section 6 —

   For the "tls-alpn-01" challenge the subjectAltName extension in the
   validation certificate MUST contain a single iPAddress which matches
   the address being validated.

This needs “which” changed to “that”, to make it a restrictive clause.