[Acme] Secdir last call review of draft-ietf-acme-integrations-12

Joseph Salowey via Datatracker <noreply@ietf.org> Thu, 19 January 2023 05:44 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Joseph Salowey via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: acme@ietf.org, draft-ietf-acme-integrations.all@ietf.org, last-call@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <167410708329.8289.7733127637522282481@ietfa.amsl.com>
Reply-To: Joseph Salowey <joe@salowey.net>
Date: Wed, 18 Jan 2023 21:44:43 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/cIN6fOVv4Szyp6hWgObqHzBmEmI>
Subject: [Acme] Secdir last call review of draft-ietf-acme-integrations-12

Reviewer: Joseph Salowey
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is the document is Ready

The document describes the integration of Acme with various enrollment
protocols.  For the most part it seems straight forward.

I have one question, bot EST and TEAP allow the option for the client to bind
the PKCS#10 message to the TLS tunnel by inserting the TLS unique into the
message challenge password field.  The draft makes no mention of this 
facility, should it?  I we expect that the default expectation would be this
would be included unless there was a reason not to.

[Acme] Secdir last call review of draft-ietf-acme… Joseph Salowey via Datatracker