[Acme] Alexey Melnikov's Discuss on draft-ietf-acme-star-09: (with DISCUSS and COMMENT)
Alexey Melnikov via Datatracker <noreply@ietf.org> Sun, 29 September 2019 16:29 UTC
From: Alexey Melnikov via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-acme-star@ietf.org, Rich Salz <rsalz@akamai.com>, acme-chairs@ietf.org, rsalz@akamai.com, acme@ietf.org
Reply-To: Alexey Melnikov <aamelnikov@fastmail.fm>
Date: Sun, 29 Sep 2019 09:29:28 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/VlAbzRVxyDCnpei_w1hAQX2z4Ak>
Alexey Melnikov has entered the following ballot position for
draft-ietf-acme-star-09: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-acme-star/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thank you for this well-written document. I have one small issue that I
would like to discuss before recommending approval of this document:

Sections 6.4 and 6.6 don't seem to specify the IANA registration
procedure for the new subregistries.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

1.1. Name Delegation Use Case

   The proposed mechanism can be used as a building block of an
   efficient name-delegation protocol, for example one that exists
   between a CDN or a cloud provider and its customers
   [I-D.ietf-acme-star-delegation]. At any time, the service customer
   (i.e., the IdO) can terminate the delegation by simply instructing
   the CA to stop the automatic renewal and letting the currently
   active certificate expire shortly thereafter. Note that in this
   case the delegated entity needs to access the auto-renewed
   certificate without being in possession of the ACME account key
   that was used for initiating the STAR issuance.

Can you explain the last sentence? I am reading "in this case" as the
delegated entity needs access to the renewed certificate once delegation
is cancelled, which doesn't make sense. Please let me know if I
misunderstood.