[Acme] Benjamin Kaduk's Yes on draft-ietf-acme-email-smime-13: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Wed, 13 January 2021 23:04 UTC
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-acme-email-smime@ietf.org, acme-chairs@ietf.org, acme@ietf.org, Rich Salz <rsalz@akamai.com>, rsalz@akamai.com
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <161057904471.2324.12947727774252338093@ietfa.amsl.com>
Date: Wed, 13 Jan 2021 15:04:04 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/OV2mwzKu46uDi5zQ32ieZB0t5II>
Subject: [Acme] Benjamin Kaduk's Yes on draft-ietf-acme-email-smime-13: (with COMMENT)

Benjamin Kaduk has entered the following ballot position for
draft-ietf-acme-email-smime-13: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-acme-email-smime/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for the updates to get to the -13; they look really good.
The new text did inspire one further comment, though I don't see a
particular text change that might result, plus I spotted a few editorial
nits.

Section 1

   1.  A Mail User Agent (MUA) which has built in ACME client aware of
       the extension described in this document. (We will call such
       ACME clients "ACME-email-aware") Such MUA can present nice User
       Interface to the user and automate certificate issuance.

(nit?) In the parenthetical, are we calling the ACME clients or the MUA
"ACME-email-aware"? Also, full stop for the end of the sentence.

Section 3

(nit?) In step 8, the MUST-level requirement in the last sentence
probably promotes it into not being a parenthetical.

Section 3.1

   If S/MIME signing is used, the certificate corresponding to the
   signer MUST have rfc822Name subjectAltName extension with the value
   equal to the From header field email address of the "challenge"
   email.

A strict equality requirement might make it operationally challenging
to use a unique "from" challenge for each request. I don't see any
feasible alternative, though, as getting into + suffixes in the local
part seems like a non-starter for this document.

Also, nit: s/subjectAltName extension/a subjectAltName extension/
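
The Section 3.1 requirement quoted above, as an added example that is not part of the original message or of the draft: a check that one of the signer certificate's rfc822Name values equals the From address of the "challenge" email, which also shows why a per-request `+` suffix in the local part fails a strict match. It assumes the S/MIME signature has already been verified and the rfc822Name values already extracted from the signer certificate; the function names, the sample message and the comparison rule (exact local-part, case-insensitive domain, as in RFC 5280 Section 7.5) are assumptions, since the quoted text only says "equal".

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample "challenge" email; only the From header matters here.
SAMPLE_CHALLENGE = """\
From: ACME Challenge <acme-challenge+Zm9v@CA.Example>
To: alice@example.com
Subject: (constructed)

(constructed body)
"""


def split_addr(addr):
    """Split an addr-spec at the last '@' into (local-part, lowercased domain)."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {addr!r}")
    return local, domain.lower()


def from_address(raw_message):
    """Return the single From addr-spec; reject a missing or multi-address From."""
    msg = message_from_string(raw_message)
    addrs = [a for _, a in getaddresses(msg.get_all("From", [])) if a]
    if len(addrs) != 1:
        raise ValueError(f"expected exactly one From address, got {len(addrs)}")
    return addrs[0]


def signer_matches_from(raw_message, san_rfc822_names):
    """True if any rfc822Name equals the From address of the message.

    Assumed comparison rule: local-part exact, domain case-insensitive.
    No '+' suffix stripping is done: a suffixed From only matches a
    certificate that carries exactly that suffixed address.
    """
    want = split_addr(from_address(raw_message))
    return any(split_addr(name) == want for name in san_rfc822_names)


if __name__ == "__main__":
    for san in (["acme-challenge@ca.example"], ["acme-challenge+Zm9v@ca.example"]):
        print(san, "->", signer_matches_from(SAMPLE_CHALLENGE, san))
```
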