IETF Logo Mail Archive

Re: [Acme] WG Last Call for draft-ietf-acme-integrations-07

"Owen Friel (ofriel)" <ofriel@cisco.com> Wed, 29 June 2022 17:26 UTC

Return-Path: <ofriel@cisco.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82CEDC14F733 for <acme@ietfa.amsl.com>; Wed, 29 Jun 2022 10:26:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.604
X-Spam-Level:
X-Spam-Status: No, score=-9.604 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=VEh76iYh; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=r6rgQye6
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e_oNhdPqlD56 for <acme@ietfa.amsl.com>; Wed, 29 Jun 2022 10:25:56 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 900B2C14F72A for <acme@ietf.org>; Wed, 29 Jun 2022 10:25:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=31094; q=dns/txt; s=iport; t=1656523556; x=1657733156; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=CstFL9VurZdR+qdG8XX/DWjC+R9EX7jk8sr+owRer2c=; b=VEh76iYh+550eVcbt2GXZtaM3E5bBaXL1O9Lv572W7cQBTiL6oQYHBX1 BUyd8JwrHTH6/cGfkTZzI+RFRnCQ3UJC4F2JM3LKPjLtIL6RSUGA07cJ9 O+RtORFfiS0hpX670irwLq+HRCLLWba3liJK7p+Lze8BEwTx34VORS8l8 0=;
X-IPAS-Result: A0BaBgDRirxi/4cNJK1aHgEBCxIMggQLgSExUgd4Alk6RIROg0wDhTGFCoMCA4sdhTWKdYEsgSUDVAsBAQENAQEsAQwJBAEBhQQCFoU0AiU0CQ4BAgQBAQEBAwIDAQEBAQEBAwEBBQEBAQIBBwSBCROFaA2GQgEBAQEDAQEQCwYKEwEBLAsBDwIBCBEDAQEBIQcDAgICHwYLFAkIAgQBDQUIGoJcgg5XAzADAQ6fVAGBPwKKH3qBMYEBgggBAQYEBIFNQYMADQuCOAMGgT2DFYMIgSwBAYEngWeEHiccgUlEgRVDgmc+giBCAQECAYFFGh4NCYMgN4IujROMcQc4A0cvEoEgbgEIBgYHCgUwBgIMGBQEAhMSUxwCEgwKGw5UFwwPAxIDEQEHAgkSCBUrCAMCAwgDAgMgCwIDFgkHCgMdCAocEhAUAgQRHgsIAxkeLAkCBA4DQAgLCgMRBAMTGAkWCBAEBgMILw0nCwMFDw0BBgMGAgUFAQMgAxQDBSQHAyEPJg0NBBsHHQMDBSUDAgIbBwICAwIGFQYCAm4uDQgECAQ3JA8FAgcvBQQvAh4EBQYRCAIWAgYEBQIEBBYCEAgCCCcXBxMzGQEFWRAJIRwpCgYFBhYDIW4FRQ8oNDY8LB8bCoEaLCsWAwQEAwIGGgMDIgISKQY3AxYGJgUEHwGXDIR4NGUEFD8gAjkgH0AoAgUMkmUJg2GKB4QKigOSH2sKg06LIY53hhoVg3WMQwOYKZV9C2oggiuKZoNdkE9JAYRyAgQCBAUCDgEBBoFhPCuBLnAVGiGCaFEZD4gAhiAMFoNQhRSFSnU7AgYBCgEBAwmPBQEB
IronPort-PHdr: A9a23:3kwlvRObwkEWF1JaCnUl6ncDWUAX0o4cdiYZ6Zsi3rRJdKnrv5HvJ 1fW6vgliljVFZ7a5PRJh6uz0ejgVGUM7IzHvCUEd5pBBBMAgN8dygonBsPNAEbnLfnsOio9G skKVFJs83yhd0ZPH8OrbFzJqXr05jkXSX3C
IronPort-Data: A9a23:WvAJaK5u5PlSXMD811yLhQxRtHXGchMFZxGqfqrLsTDasY5as4F+v jBKWG2GPPmKYDDzLtF/PNm0/EpXvpeBydFhHAs6+ShmZn8b8sCt6fZ1gavT04J+CuWZESqLO u1HMoGowPgcFyOa/FH1WlTYhSEU/bmSQbbhA/LzNCl0RAt1IA8skhsLd9QR2uaEuvDkRVLX0 T/Oi5eHYgX9hWQlajt8B5+r8XuDgtyj4Fv0gXRmDRx7lAe2v2UYCpsZOZawIxPQKmWDNrfnL wpr5OjRElLxp3/BOPv8+lrIWhFirorpAOS7oiE+t55OLfR1jndaPq4TbJLwYKrM4tmDt4gZJ N5l7fRcReq1V0HBsLx1bvVWL81xFYNn36/qcVaAivOC6U3FUl/v3MpFCk5jaOX0+s4vaY1P3 fUcLDZIZReZiqfshrm6UeJrwM8kKaEHPqtG5Somlm+fVK1gGMueK0nJzYcwMDMYgc5UHPvaT 8EYcjFoKh/HZnWjP39HWcxmxbjy2CiXnztwlwqugK8+x1DonSNY6aOyFNbRVtGFbJAA9qqfj iecl4jjOTkWOdeYzj6I2miliu7SmGX9U5kZUri58pZCiVaWy0QSBQEYE1yhrpGRhkO0UNVYL 0EFowIhqKEz8AqgSdyVYvGjiHeAuhhZUN1KHqhgrgqM0aHTpQ2eAwDoUwJ8VTDvj+duLRRC6 7NDt4qB6eBH2FFNdU+gyw==
IronPort-HdrOrdr: A9a23:8dUBaK724NyTsQez/APXwXaBI+orL9Y04lQ7vn2ZFiY6TiXIra +TdaoguSMc0AxhJE3Jmbi7Sc29qADnhOFICOgqTPqftWzd2VdAQ7sSlbcKrweQeREWs9QtqJ uIEJIOROEYb2IK9voSiTPQe71Lrbn3k5xAx92utUuFJjsaDJ2Imj0JczpzZXcGIjWua6BJca a0145inX6NaH4XZsO0Cj0uRO7YveDGk5rgfFovGwMnwBPmt0Lm1JfKVzyjmjsOWTJGxrkvtU LflRbi26mlu/anjjfBym7o6YhMkteJ8KoMOCXMsLlVFtzfsHfqWG1TYczBgNnzmpDr1L8eqq iNn/7nBbU215qeRBDznfKn4Xif7N9n0Q6S9bbfuwqknSQ8LwhKU/aoQuliA0LkAgMbzaFB+b MO0GSDu5VNCxTc2Cz7+tjTThlv0lG5uHw4jIco/jRiuKYlGclsRLYkjQpoOYZFGDi/5JEsEe FoAs2Z7PFKcUmCZ3ScumV02tSjUnk6Ax/DGyE5y4ao+ikTmGo8w1oTxcQZkHtF/JUhS4Nc7+ CBNqhzjrlBQsIfcKo4DuYcRsm8DHDLXHv3QSmvCEWiELtCN2PGqpbx7rlw7Oa2eIYQxJ93g5 jFWEMwjx9ER6svM7z74HRmyGG+fIzmZ0Wf9ih33ekNhoHB
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.92,231,1650931200"; d="scan'208,217";a="896017269"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 29 Jun 2022 17:25:55 +0000
Received: from mail.cisco.com (xfe-rcd-005.cisco.com [173.37.227.253]) by alln-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 25THPt6J005392 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Wed, 29 Jun 2022 17:25:55 GMT
Received: from xfe-rtp-002.cisco.com (64.101.210.232) by xfe-rcd-005.cisco.com (173.37.227.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Wed, 29 Jun 2022 12:25:54 -0500
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xfe-rtp-002.cisco.com (64.101.210.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14 via Frontend Transport; Wed, 29 Jun 2022 13:25:54 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LFZ5iUuaewH1+xTd6MHBSRlAsNowBHphIFGyNG2eeiKXMLJwL7wZFanzvOnJwNULbwVULILc9vvc5i8UIakkNaZNB4AaCpG/5tYlUEBRQa5RcYcz8jcqqxkDSgs3he6krwGaq61z+sKfMargLwAcPyofDr2SmTlBzRnoQfrRqTNB4OBHmtSU4me1oOxmeqBCegMR1rSVoBgPPVWsohB1M2eqgMeHEK3+bPvs3l4r1GPoA42psn6wWlxhetSbjKWY5LUO8r7KnlRT5I4QksC5y81F5R6npgDqz4YYIxoGiZKI8zb9NpYvYGftP69J4IJolvX+n6x4bwvxsn4Z88BLXw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CstFL9VurZdR+qdG8XX/DWjC+R9EX7jk8sr+owRer2c=; b=Qmc/QBWZRkvYgzSeMy7y0ZFID+0M29WheuVD00oTOi5w83O5wxY77Jod09vWkQu14m1fRt65/apIATH20I2fdtW1jIAQcafednxgw2e33YDg2koKeKhmMKiDSqYJw6+l5UzvP76A5OpdiarAdHs1OdlKexD3Q0fk8iBGo1FUo7J1oE5uRfZJwkk7n0LmR/R7/+yz93E0Ibvb01zwkfQCl8g7qC4yEeHJvGRwDJoAYIPpHUBa3Fpfd7e6ZgLxabH33IJYTI/HyIn3uCN82QlWjBVtGHlu2aJur8buK2eFrT4F8ZaOU9twPlkKB1dtyHDWtqqeXHULGGw9P7cDjWAoSA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CstFL9VurZdR+qdG8XX/DWjC+R9EX7jk8sr+owRer2c=; b=r6rgQye6qdUP5SNSDDwI7FWqp+4JqKkY2pY9W7tDY9kXp1GdJHvo8fXO2y4IIOHjeONSLr6C3t+sbe1mvLNlNKMKDVSWWptiV1udwM6eGrhGazwTo9tt9mgKL5p4J+HUOvD4oBCGV6xNAqv4gjTCT2XYjQPnaL2IvmyQWUp3fSs=
Received: from DS0PR11MB6445.namprd11.prod.outlook.com (2603:10b6:8:c6::11) by BN7PR11MB2579.namprd11.prod.outlook.com (2603:10b6:406:ab::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5373.18; Wed, 29 Jun 2022 17:25:52 +0000
Received: from DS0PR11MB6445.namprd11.prod.outlook.com ([fe80::467:b2c1:fe06:74b0]) by DS0PR11MB6445.namprd11.prod.outlook.com ([fe80::467:b2c1:fe06:74b0%6]) with mapi id 15.20.5373.018; Wed, 29 Jun 2022 17:25:52 +0000
From: "Owen Friel (ofriel)" <ofriel@cisco.com>
To: Deb Cooley <debcooley1@gmail.com>, IETF ACME <acme@ietf.org>
CC: Dorothy E Cooley <decoole@radium.ncsc.mil>
Thread-Topic: [Acme] WG Last Call for draft-ietf-acme-integrations-07
Thread-Index: AQHYcO+IsBQ268z1R0Gfh2LnwcR9b60xNwmAgAGGuICAHzoNgIAU32Dg
Date: Wed, 29 Jun 2022 17:25:52 +0000
Message-ID: <DS0PR11MB64456CDA4938220D73A32AE3DBBB9@DS0PR11MB6445.namprd11.prod.outlook.com>
References: <CAGgd1OfQ6D-1GXkBHrSi3CvRZFqzvZaLCPz1mbKgUXij2=L6Ww@mail.gmail.com> <ACB2EC99-69D1-4294-8692-F9021C03C0DA@vigilsec.com> <E81B9D37-ECB3-442D-8270-95DE68406D02@redhoundsoftware.com> <CAGgd1OcQmqBweKKgjYxP5se4q5UYmNjA87SN3SV770+xk7ss7Q@mail.gmail.com>
In-Reply-To: <CAGgd1OcQmqBweKKgjYxP5se4q5UYmNjA87SN3SV770+xk7ss7Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 19978b39-9947-483f-e37f-08da59f46aba
x-ms-traffictypediagnostic: BN7PR11MB2579:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 9rrzI37XAbFzhayZk04Y0EC/JewTUnQ4K23pyxPGT/UrRf2X50cL0r7B8e+er5WhcuynJoehPcJF+c98wmf+ajTkHdIkycqZze2ByVc0grvHptDjC5MiHX6J/gMBv+9JWW2vSguWM4wwfgvuY+ydpd1ECeoCWHfr8TfUiHLRpQPjWQmgDieLfvjx3Cd6MOg+VEj4iyQs3ppCzHexl47OZ/J9rpbHO6F6QpAHxQRGaf99No8pT5+4dnTgpyB8S3AY3glHeT0DKmEAQSOSLlqPthkrK+paJHsHAM1wMdC7N9eHK3U9LKGphPYa7P7amtQAtwwjhqlfYPE2cjS7/1egkIbErBDKprWW4wE04CmFZk5ykqSui9+WOhBE4jNLDqxMGdjs8/e44jOdILADDsqADaoJbe08L/gQc0LClIrZp7BXAXMip6SmOmt/8OU2Hd5kAFUGsHHMH0L43Xm45o99fNzUSCslZ1gB+wgawhPjk6wKLoUFQ/wdpHZ0FLJfUWVl0A3Z0G8ZBDeQLcJEcYuToacBOTHS6ef8I/sEN+dfEBfvgrbprIYXTZAboMBT7cjT5aWBep0571Qu7tWGsLAUQlVx5aEhj4ex0AttDJU0WI01tDzIzYSa0rsJbuAOo5SiK4rzyA0fBVDwfOk2WRH+qpaQiyQeoO9K2O/PATW0ZnZxsenBWB3ZHFP79fC6uAgedT1MahE2KC3W/TiEkGMQW5mOTC3bRU49GmhOBFyxC2ZDz78m33OegyJO7c0n3JQOskeq1xHCCs537BcE6ru5YokgCyI/8Bq55w9Kc+j7fR4EaVGMY/lI0HVkwV2eXjg3aNu+QMZrfiy24raZB14Kl0eSBvDxhaWSuBrDNaUPoS4=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DS0PR11MB6445.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(376002)(136003)(366004)(396003)(346002)(39860400002)(6506007)(7696005)(966005)(8676002)(122000001)(478600001)(66946007)(316002)(8936002)(33656002)(86362001)(53546011)(64756008)(4326008)(66446008)(166002)(66476007)(26005)(41300700001)(66556008)(9686003)(38070700005)(38100700002)(83380400001)(76116006)(110136005)(5660300002)(55016003)(2906002)(71200400001)(186003)(52536014)(9326002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: mcA9TV9Hz412T/qeMCMz3toOWFMd053+umJT3RTA3ZMyHDAaNzETMBbYumpsICm8aWRUu8omR0XP30AG/dyYrSxDfUKsib3DjjmxUii3tuT2Y1ZH4YEniZ2a/56KkHK91V5980Bag60X0hq0gbMZUAWei8Be5cd65+moE9nGx4Ek5IigKhDejP58j1ifXVdb1UAaX8KCRzWqSwvX92vlLF82abugRjp4W5E/VqAcGhRKSjS2PRRV4mBQhSHqikmj0IBEnLCZOquEGBeC90rZSg9AM7zWtOgm651CWtOaW7YObrWttgpSgbgRLQRIuAoHVYzr5EhlELQUhXSHgtUEgGEKxpxknSEvgeqa0ztzb0XWqsQ8fRfI8kHVGlDy+Pf3Q6GBL4weDBDTB9VKv3QQkDKy3qa0S2oZbmmJl8S0vwWrLfXOwme4Tcx7mvm8+/lzI40oSIAi3mjXuEIZJ1Xj+ngCKyttajidVsGhcrfHHK0ju6MkDlOWB61qvxPp/0yvdiazpsNRDEdkzNLD19gfPxopYZLxcUBzbqfpTjOZohb3naxwp7IWeqSRIZWoZlSdQA4fKR432ZRfp5psvhbe6pmKPehiSyv8diunJiByLM2vX46/kkNtHlJRqumPwCkFdxbYllu8IfWiRPw6awlhyM0b9zwzLWB0MZiQB6FyARLBZ2+awIGyA2efnSInp6u84iNFG7MSLiOhBnCXH48HgSBEi15XCJvwQNPi/1g4LczgvmFs+k2Xe9pwYma2thRl62Jn9aG4NiotVYJi3ZP9kpKeXw8nwupqfKF+Acx4rSGbkIUn5I/NXM2YjZoBkKknsJm7FrfgTsc1BhRJ9ZymJOsXl1a5SltxD46e7IeHWzOkOEvvc8ZTgTtfLxZr4oYO+mr05p2DPiiupHzAl2e6kjamm2vizdDUUmrSoi0as8k4mYXkL/4hXZnWoWy68RqjmmmLY4drJsVDlWA7kFv6HXvYfb2oMpzI8Jhrwc5XMJc4/HcVkURGBXHA+6Un1vsO5t+cv5aUF+rkZRbaFzNfaQpPkQV/kXCSUyqFHsp3hntUkY6G3IPQtyuyvPofMhphQmEY3oZV44Vh+gYrhlapj83euALHAtjeJco7Lo/va6QW9wEGFzNUrc84wMdSC23voOI8rhphxYHwpqUACddfE/IprrNtf1Wo2VojDhbFFrftTc90vLDEenTQqSZ8Y3euERgrwJVYXqb2tj2jSiz4FVq1O8TKpbLV4HoghyOd/HIdvjfc/I3cqiLcWQ7rt2uwrUj2rVY5M+v9V42MNxia+6wVNdsvdJitHNeauqv5tXpMjIiC9vEhzeREGGfY+3eadqPT8XRWGi+kfUcrhKTKnM4ePeLHCoK3ranA69n7InXJI3lGWDzzl90r9PoDfEif3AuEAyM3Sn7RG/K0O/wDH9a5hcbgZJGXVhlJGGJ5qSx0P3nz2FPNF/sphvWg+5TBLYVZP/k+/S3lVFVsuweSIzFp4uTkOToI4GpdkAYTk+dC6Wyzk4dM9Quf928VgR4zAcdXmuqOlXzdgrmmiOWWC5bR5xSvIAB/KcNYikMBwm0=
Content-Type: multipart/alternative; boundary="_000_DS0PR11MB64456CDA4938220D73A32AE3DBBB9DS0PR11MB6445namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DS0PR11MB6445.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 19978b39-9947-483f-e37f-08da59f46aba
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jun 2022 17:25:52.3715 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: jh3zR3Ty26MCmewtBIfJkU3KtHrwvObUwfC3c7mdummih6aWK92ydmXxl+wWzteiDo79+uP56zmwbngyW2jUXw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2579
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.227.253, xfe-rcd-005.cisco.com
X-Outbound-Node: alln-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/_HYH764MSNKv0kBj3lg4TxfrQpo>
Subject: Re: [Acme] WG Last Call for draft-ietf-acme-integrations-07
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jun 2022 17:26:01 -0000

Hi,
There were 12 individual comments/issues raised. I tracked them all as separate github issues. 10 have been addressed and fixes checked into https://github.com/upros/acme-integrations.
There are only two outstanding issues, and we are noodling over the correct text.
Expect an update in the next couple of days and draft-ietf-acme-integrations-08 to be pushed.
Thanks for the detailed comments.
Owen

From: Acme <acme-bounces@ietf.org> On Behalf Of Deb Cooley
Sent: Thursday 16 June 2022 18:36
To: IETF ACME <acme@ietf.org>
Cc: Dorothy E Cooley <decoole@radium.ncsc.mil>
Subject: Re: [Acme] WG Last Call for draft-ietf-acme-integrations-07

Thanks for the two reviews w/ comments.  When the authors have addressed the comments, we can issue a short WGLC.

For the ACME chairs,
Deb Cooley

On Fri, May 27, 2022 at 9:44 AM Carl Wallace <carl@redhoundsoftware.com<mailto:carl@redhoundsoftware.com>> wrote:
I’ll reply here to add one comment. The introduction of the potential for errors due to domains the RA is authorized for and those may be requested is not called out to any extent. It is likely something that is mostly addressed by authentication to the RA and could be noted as such in section 7.1.  Section 7.5 gets at the issue with the mapping for badIdentity, but it could be called out as something that occurs upon submission of request to the RA (vs mapping an ACME error back to the protocol of interest after failed interaction with the ACME server).

From: Acme <acme-bounces@ietf.org<mailto:acme-bounces@ietf.org>> on behalf of Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>
Date: Thursday, May 26, 2022 at 10:25 AM
To: Deb Cooley <debcooley1@gmail.com<mailto:debcooley1@gmail.com>>, Dorothy E Cooley <decoole@radium.ncsc.mil<mailto:decoole@radium.ncsc.mil>>
Cc: IETF ACME <acme@ietf.org<mailto:acme@ietf.org>>
Subject: Re: [Acme] WG Last Call for draft-ietf-acme-integrations-07

I have a few comments.  Only one of them will be difficult to sort out.

Section 1, para 1: Please add a cite to [RFC5280] after "X.509 (PKIX) certificate".

Section 1, last para: Please reword.  Something like:

   Optionally, ACME for subdomains [I-D.ietf-acme-subdomains] offers a
   useful optimization when ACME is used to issue certificates for large
   numbers of devices; it reduces the domain ownership proof traffic as
   well as the ACME traffic overhead.  This is accomplished by completing
   a challenge against the parent domain instead of a challenge against
   each explicit subdomain. Use of ACME for subdomains is not a
   necessary requirement.

Section 2: Please add a reference for CSR.  Consider [RFC2986].

Section 2: Please add a reference for RA.  Consider [RFC5280].

Section 2: Please add a reference for TLV.  Consider [RFC7170].

Section 4: Please fix the markdown typo: Refer to section {csr-attributes} for more details.

Section 7.2 says:

   EST [RFC7030] is not clear on how the CSR Attributes response should
   be structured, and in particular is not clear on how a server can
   instruct a client to include specific attribute values in its CSR.
   [I-D.richardson-lamps-rfc7030-csrattrs] clarifies how a server can
   use CSR Attributes response to specify specific values for attributes
   that the client should include in its CSR.

   Servers MUST use this mechanism to tell the client what identifiers
   to include in CSR request. ...

This is a MUST, but is is not really nailed down.  Can we get to a simple MUST statement here?  If not, can we at least narrow the possibilities?

Section 7.2: s/The identifier must/The identifier MUST/

Section 7.3: s/certificate MAY be omitted from the chain/certificate SHOULD be omitted from the chain/

Section 7.3.2: Please provide references for PKCS#7 and PKCS#10.

Section 7.4: s/id-kp-cmcRA extended key usage bit/id-kp-cmcRA extended key usage OID/ (multiple places)

Russ


On May 26, 2022, at 6:58 AM, Deb Cooley <debcooley1@gmail.com<mailto:debcooley1@gmail.com>> wrote:

Title:  ACME Integrations

Authors: O.Friel, R.Barnes, R. Shekh-Yusef, M.Richardson

Datatracker: https://datatracker.ietf.org/doc/draft-ietf-acme-integrations/<https://datatracker.ietf.org/doc/draft-ietf-lamps-8410-ku-clarifications>

This document outlines multiple advanced use cases and integrations that ACME facilitates without any modifications or
enhancements required to the base ACME specification.  The use cases include ACMEintegration with EST, BRSKI and TEAP.

Please respond to this WG last Call by 9 June 2022.

For the ACME WG Chairs,
Deb
_______________________________________________
Acme mailing list
Acme@ietf.org<mailto:Acme@ietf.org>
https://www.ietf.org/mailman/listinfo/acme

_______________________________________________ Acme mailing list Acme@ietf.org<mailto:Acme@ietf.org> https://www.ietf.org/mailman/listinfo/acme

v2.23.0 | Report a Bug | By Email