[Acme] Review of draft-friel-acme-subdomains-02

Russ Housley <housley@vigilsec.com> Tue, 04 August 2020 22:44 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 329463A0EB0 for <acme@ietfa.amsl.com>; Tue, 4 Aug 2020 15:44:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P1skhQh52o3O for <acme@ietfa.amsl.com>; Tue, 4 Aug 2020 15:44:09 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B4F93A0EAC for <acme@ietf.org>; Tue, 4 Aug 2020 15:44:09 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id AAF63300AAB for <acme@ietf.org>; Tue, 4 Aug 2020 18:44:06 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 8LC2jFBzjsQS for <acme@ietf.org>; Tue, 4 Aug 2020 18:44:05 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id A53AD300AA6 for <acme@ietf.org>; Tue, 4 Aug 2020 18:44:05 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.15\))
Message-Id: <39F039BC-BFEA-49D4-9D75-267A5446FE99@vigilsec.com>
Date: Tue, 4 Aug 2020 18:44:07 -0400
To: IETF ACME <acme@ietf.org>
X-Mailer: Apple Mail (2.3445.104.15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/haUr8hnyrtnTxcf8_9jB80WjAJY>
Subject: [Acme] Review of draft-friel-acme-subdomains-02
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2020 22:44:10 -0000

Document: draft-friel-acme-subdomains-02
Reviewer: Russ Housley
Date: 2020-08-04

Major Concern:

The TODO markers regarding wildcard domain names, the 200 response
code, and the security considerations should be filled in with
strawman text before this I-D is adopted by the ACME WG.


Minor Concerns:

General: s/certificate authority/certification authority/ (many)

Abstract: s/certificate authority policy/certificate policy/

Introduction: s/X.509 (PKIX)/X.509v3 (PKIX) [RFC5280]/

Terminology: Correct CA, please.  See above.

Terminology: Please add a definition of subdomain.


Nits:

Section 3: says:

   3.  client sends POST-as-GET requests to retrieve the
       "authorizations", with the downloaded "authorization" object(s)
       containing the "identifier" that the client must prove control of

s/client must prove control of/client must prove that they control/

There is something wrong with the table formatting in Section 6.2.