[Acme] Re: AD comments on draft-ietf-acme-device-attest
Michael Richardson <mcr+ietf@sandelman.ca> Sat, 27 December 2025 17:16 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Deb Cooley <debcooley1@gmail.com>, draft-ietf-acme-device-attest.authors@ietf.org, "<acme-chairs@ietf.org>" <acme-chairs@ietf.org>, IETF ACME <acme@ietf.org>
In-Reply-To: <CAGgd1Oc2mJebUP07_QdU+rD2du6=rLY=jLGGbExYj4y10f2S4A@mail.gmail.com>
References: <CAGgd1Oc2mJebUP07_QdU+rD2du6=rLY=jLGGbExYj4y10f2S4A@mail.gmail.com>
Date: Sat, 27 Dec 2025 12:16:32 -0500
Message-ID: <10927.1766855792@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/rov_zSykhT9NC2bzb1AuKX5YnOY>
Deb Cooley <debcooley1@gmail.com> wrote:
> Here are my comments on this draft. There is one that has broader
> implications (*). I'd like to see this addressed by the working group
> (specifically, why is there a need for multiple attestation challenges).

My long-standing comment is that this document is slightly mis-named.
I'm not sure if you are asking why this document permits multiple (ACME)
challenges, or why there is more than one document with the name
"Attestation" in the title.

I would have called this document something like:
"Device Hardware Identifiers"

The process described has nothing to do with RFC9334 or DICE or TCG!

To me, this is akin to recording the Vehicle Identification Number (VIN) as
part of a bill of sale or while applying for insurance. The VIN won't tell
you who *owns* the car [or if it passed a safety/emission test], but it will
tell you if the insurance slip [or emission test results] I show the police
is really for that vehicle, or for my *other* F-150^WVolkswagen Diesel.

> Also, I recognize that I'm posting these during the holidays. I certainly
> don't expect authors to respond until after the new year.

:-)

> *Section 1, last para: I am assuming that the authors believe the rats
> work is substantially far into the future? (Or why would we publish the
> challenge device-attest-01 if the rats work would replace it?). With any
> 'SHOULD' one needs to outline when one might ignore the SHOULD.

It won't replace it, it might complement it.

> Section 7.3: What is the bullet 'Change Controller' meant to accomplish?

It tells IANA who can update this entry.

You might benefit from reading my email at:
https://mailarchive.ietf.org/arch/msg/rats/zu3Mqm-FOm2pAi1GymfDVHey-7s/

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
--
Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide