IETF Logo Mail Archive

[Acme] Re: AD comments on draft-ietf-acme-device-attest

Deb Cooley <debcooley1@gmail.com> Wed, 06 May 2026 11:03 UTC

Return-Path: <debcooley1@gmail.com>
X-Original-To: acme@mail2.ietf.org
Delivered-To: acme@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 6FD19E9D1B08 for <acme@mail2.ietf.org>; Wed, 6 May 2026 04:03:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1778065382; bh=BJ7/4sDRKgNq636g9uabVUjdN57IwbxdWIagxAUHx1s=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=nMCpfZ6z9DE6bSWP21FeU06xo1lj9lColOgnchjvNKjnfNWPFho/wKY3xHNGrBBtj K5Xct5tjgzthyHCFrE6rCUi2rgnnoh1nU5Cu5M3uYxp/JNPIloofHXP0cXy0gUFlji AkG3tHSqwcXZRQBrCzaxNfVOo8rGBXiwUSrvr7NA=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -0.848
X-Spam-Level:
X-Spam-Status: No, score=-0.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CdteINJhTfCG for <acme@mail2.ietf.org>; Wed, 6 May 2026 04:03:02 -0700 (PDT)
Received: from mail-dy1-x1330.google.com (mail-dy1-x1330.google.com [IPv6:2607:f8b0:4864:20::1330]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 4F65EE9D1AE2 for <acme@ietf.org>; Wed, 6 May 2026 04:03:00 -0700 (PDT)
Received: by mail-dy1-x1330.google.com with SMTP id 5a478bee46e88-2f36da5c8fbso2720065eec.0 for <acme@ietf.org>; Wed, 06 May 2026 04:03:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1778065379; cv=none; d=google.com; s=arc-20240605; b=XrPafJD7My4yRbM1KwIRtsxr3nkpdsqbXxgx7CBPohwyEaZ0sx4EMqK36D+ociRfZt bUOhM25qkMAm76RFyUQG0o7HhytHYSlxApM3HvveCq4JqdESefJH/jnxzWfFc1zaErRG tjKZdN78wIRZeNL1+yq20jl7ndFm1m2QupGjMbJBIOrR6KY7GFy9FDrK58t3QbmAitRW FMPWTjMXuJ7Hjs1k6M1y+CXkCpu+1RzOSuCutjQKyuooz2USkEFtTaDqDvSt5P7+m1Sp EW2pCqdUDzx3I9oem8hQGyqkji9VQdlfJ4HndJZQoL9pJ+wfdBxkjZ3CA38nBYvQDA1m sIow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=5orqycrEOYeD1J2GyhUBI2LVqYLlvZ0UXCfWN3ISu+U=; fh=pOVfymRY+jkMiBL37Yp49GXFZfAn/hruo1uOSo050v4=; b=NO0Nomt0Fu6At3TeHOmU/jq+zl3OLPt2nF3pQEkrjKocTPnLyA4z8g8Hd5Kv5F15j1 X8dlXp3B35OCmhCHpa80jxUph8Hs1SelVho4Hd88p3X/MECJiYsZY4cIrmCxZE/GFleh eWrreXSZEH1m5YuOt4+6g5CGH9hgOAFl3q/n+oDQGyeJdhVTvmhL1X5VBEIhW9BUWKFE H4pIGMY6Bv9gd3ag8gnD/4kbmp4xLnybZi1jlB5P8GyiWCLHU1fFdQQauqMZ9Hf9POKi u0SoSSOXvBtRiYDa93sz03LmDOIT+EWIHghr9caXVj6FkYIBu+Xe02ICjWlMJFozYFpp T71w==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778065379; x=1778670179; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=5orqycrEOYeD1J2GyhUBI2LVqYLlvZ0UXCfWN3ISu+U=; b=hcmQKsdWrLq0S7aTjddkVOXSiiIJCtwmndExPhSj/VfYF2250lOF9XrOsilsHahkWw FfYn2Qy+Du3zblJsTy62ffVLWQUIO/n63xpQqOkjT8mlhaXx9fZmVVHtlHFxEU9e2cQS +XgHxQBSgNf6GnwjK32xEB9aFLiyJsXu+aQy5so6UqkMLNQt0ByDsYKISNNHMFY/PO/g dVvawWwdNt2WR1W6hr8PEHLGn7rhKUBc7r8mNlPzkv8GHVZywVKNs8rsuEjVJw5clzRt ZsfpzLvz9xPKC2FZYgpKWBC5BamLyOyoiu3PpKsO6hHwv1LYaK+M0q2/tAS+ChKhUAJ8 60bQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778065379; x=1778670179; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=5orqycrEOYeD1J2GyhUBI2LVqYLlvZ0UXCfWN3ISu+U=; b=rPha+gdEGYEiIIA3CRytVX0Wy+oNV7mInKvpepPlYU4cZJqMwtGMkexCp1B4RbAQzP h7DyRtiNg10deMVZ4feWuB4ag2X3Bwo6ZI9xG7Ywlk8ybDIh6TkouX6CejJVVVsfIMVQ x3RRDOeQ6EyE3Qwzk2AoulS2tRBiXgL8mHVI0njykQdmlSUttLbCVpvXQjXJN1Elw6L4 2e6TE5sp0jhBvR8ghVNwpC4pKq41W0yIXnZowZVMSN9pcY3WOTyWUWEFySE+NumMYeeW aWY9ODhSiTWoWhhRiFub+u8oKVRMpBGdBzoXK++i7U5TPtRC9SgydvnhZjGWztt8Hgny hwUw==
X-Forwarded-Encrypted: i=1; AFNElJ/YWkR9IxAmHXM2dZg2E8zlpiUGHn4KtM93fw/+daAFBDotpfBAo0Sydpfw2UBEcVtqIaT8@ietf.org
X-Gm-Message-State: AOJu0YzwOVrfRFURvLl7gayQPYxSKAdd+og3M0WzdFPHsI/ysEj13v8D tLDb8Ze4pWr6n0HAo8zQPUqRATpTW8Q/YeFoD9XGyhxebFHxanavrPZz89zhtRWs7eE0CksLdoW Taseg0ei63nTka37wLXVAF2P0ExFhYQ==
X-Gm-Gg: AeBDieuA6M281GVlD21yJbEm2LeaIL+c9y5LedqrvsV6pUax3dnTxvUCyTbQ05IDP8M gzHuneIEeay0xPA3/zlqreirpIfA8o+cKmxkjn5XeQi4g5VN1yNXT0CmPVutGKkMVBCz/y/XQFw H6nnOxRKXH4wRGYpTHvgQ+9qOWkfsA4BlZ/y5AwTFMnDqCymYH3nz6GuVf0wW9UrP/vNARA3REb KYaxr0earoraCEL7g0mvtvZvsfQzdOnZHX+5PEtGt3nu097qCvwawSRchWpnfy/EUk6buw1zkHa ypBWcbZ9GiRQF1KApD5yvCUnjriFZYI8Bnlb3rh3JgNYuEeY+ctPoNgSy9RWi09/YyiRK8Tx9FL GEryi73s3DENj6B/Ipu9A+x6yQzlOYh8jAMMHccmyF9jawQ4=
X-Received: by 2002:a05:7300:434b:b0:2ea:b975:3db1 with SMTP id 5a478bee46e88-2f54ad77112mr1405988eec.23.1778065379134; Wed, 06 May 2026 04:02:59 -0700 (PDT)
MIME-Version: 1.0
References: <CAGgd1OfgjBZL1yghSNyV7VAA5UvskNpHitb7_JNL1a2j4wN-6Q@mail.gmail.com> <PN2P287MB2046EFDADD1B7B9D1AE9C125EC312@PN2P287MB2046.INDP287.PROD.OUTLOOK.COM> <CAKZgXHptha5KM_aLOsKXgafz4B1e_X5b00Vg7taHENN_hpVG9A@mail.gmail.com>
In-Reply-To: <CAKZgXHptha5KM_aLOsKXgafz4B1e_X5b00Vg7taHENN_hpVG9A@mail.gmail.com>
From: Deb Cooley <debcooley1@gmail.com>
Date: Wed, 06 May 2026 07:02:47 -0400
X-Gm-Features: AVHnY4Lg76pw5-6Jo9K8t4QrjLbWnk8pEaxpQNgquzfNNTwERi3jSsMgJ-vw_qI
Message-ID: <CAGgd1OcG7AXEuYUieh4yo6v+Y9yQM0bXP1YifFOsaDDKOLJ1wQ@mail.gmail.com>
To: Mike Ounsworth <ounsworth+ietf@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000004f919c0651241b59"
Message-ID-Hash: ZHGSYA57KA43WWLKEMBWF625YXGNCVPB
X-Message-ID-Hash: ZHGSYA57KA43WWLKEMBWF625YXGNCVPB
X-MailFrom: debcooley1@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-acme.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Ganesh Mallaya <ganesh.mallaya=40appviewx.com@dmarc.ietf.org>, "draft-ietf-acme-device-attest.authors@ietf.org" <draft-ietf-acme-device-attest.authors@ietf.org>, "<acme-chairs@ietf.org>" <acme-chairs@ietf.org>, IETF ACME <acme@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Acme] Re: AD comments on draft-ietf-acme-device-attest
List-Id: Automated Certificate Management Environment <acme.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/yRx9p_ldMwUmmsjg6BjeZ-vgdYM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Owner: <mailto:acme-owner@ietf.org>
List-Post: <mailto:acme@ietf.org>
List-Subscribe: <mailto:acme-join@ietf.org>
List-Unsubscribe: <mailto:acme-leave@ietf.org>

Thanks, those all work for me.

Deb

On Tue, May 5, 2026 at 6:04 PM Mike Ounsworth <ounsworth+ietf@gmail.com>
wrote:

> @Deb Cooley <debcooley1@gmail.com>
>
> FYI the authors just published -04 a few minutes ago, which addresses all
> the IESG comments received so far.
> https://datatracker.ietf.org/doc/draft-ietf-acme-device-attest/
>
>
> On Tue, 5 May 2026 at 17:00, Ganesh Mallaya <ganesh.mallaya=
> 40appviewx.com@dmarc.ietf.org> wrote:
>
>> Hello Deb,
>>
>> Thank you for the note and the comments, all points noted, yes we will
>> review and work through them along the IETF LC.
>>
>> Get Outlook for iOS <https://aka.ms/o0ukef>
>> ------------------------------
>> *From:* Deb Cooley <debcooley1@gmail.com>
>> *Sent:* Monday, May 4, 2026 04:22
>> *To:* draft-ietf-acme-device-attest.authors@ietf.org <
>> draft-ietf-acme-device-attest.authors@ietf.org>
>> *Cc:* <acme-chairs@ietf.org> <acme-chairs@ietf.org>; IETF ACME <
>> acme@ietf.org>
>> *Subject:* AD comments on draft-ietf-acme-device-attest
>>
>> *CAUTION: *This email originated from outside of the organization. Do
>> not click links or open attachments unless you can confirm the sender and
>> know the content is safe.
>>
>> First-time / External Recipient Warning
>> You have not previously corresponded with this sender.
>>
>> Thanks for the work to improve this draft!
>>
>> I have several pretty easy comments.  I will put this draft into IETF
>> Last Call, with the assumption that my comments will be worked
>> before/together with IETF Last Call comments.
>>
>> Section 1, para 3:  'is to be' is an odd turn of phrase, how about 'will
>> be'?
>>
>> Section 3.1, assigner value:  Is this intended to be an IP address?  If
>> so, expect to get a comment similar to 'what about IPv6 addresses?'  If it
>> is intended to be an OID, then I would just say that, as is done in Section
>> 4.1.
>>
>> Section 3.2, title:  Add (CSR).  Or within para 4, spell out CSR instead.
>>
>> Section 3.2 and 4.2, para 3 and 4:  'octet-for-octet', I'm curious to
>> hear why any other sort of 'match' isn't correct or useful.  And why merely
>> saying that it 'MUST be a match' wouldn't work.
>>
>> Section 6.1, para 1:  nit:  remove '###External Account Binding'.
>>
>> Section 6.1.1, para 2:   This wording isn't clear (I had to read it a
>> bunch of times to understand).  How about something like, 'Servers can rely
>> on other authorization mechanisms,such as external account binding or
>> pre-authorized accounts, to establish device identity instead of completing
>> the device-attest-01 challenge.'
>>
>> Deb Cooley
>> Sec AD
>> _______________________________________________
>> Acme mailing list -- acme@ietf.org
>> To unsubscribe send an email to acme-leave@ietf.org
>>
>

v2.46.0 | Report a Bug | By Email | System Status