[Acme] Secdir last call review of draft-ietf-acme-integrations-12
Joseph Salowey via Datatracker <noreply@ietf.org> Thu, 19 January 2023 05:44 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: acme@ietf.org
Delivered-To: acme@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 49414C1524AC; Wed, 18 Jan 2023 21:44:43 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Joseph Salowey via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: acme@ietf.org, draft-ietf-acme-integrations.all@ietf.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 9.5.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <167410708329.8289.7733127637522282481@ietfa.amsl.com>
Reply-To: Joseph Salowey <joe@salowey.net>
Date: Wed, 18 Jan 2023 21:44:43 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/cIN6fOVv4Szyp6hWgObqHzBmEmI>
Subject: [Acme] Secdir last call review of draft-ietf-acme-integrations-12
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jan 2023 05:44:43 -0000
Reviewer: Joseph Salowey Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is the document is Ready The document describes the integration of Acme with various enrollment protocols. For the most part it seems straight forward. I have one question, bot EST and TEAP allow the option for the client to bind the PKCS#10 message to the TLS tunnel by inserting the TLS unique into the message challenge password field. The draft makes no mention of this facility, should it? I we expect that the default expectation would be this would be included unless there was a reason not to.
- [Acme] Secdir last call review of draft-ietf-acme… Joseph Salowey via Datatracker