Re: [auth48] [E] Re: AUTH48: RFC-to-be 9538 <draft-ietf-cdni-delegation-acme-04> for your review
"Mishra, Sanjay" <sanjay.mishra@verizon.com> Wed, 07 February 2024 17:31 UTC
From: "Mishra, Sanjay" <sanjay.mishra@verizon.com>
Date: Wed, 07 Feb 2024 12:31:22 -0500
Message-ID: <CA+EbDtAnf19sMORx4L7mip4Qq-uPT4Vn4gFV37dbhRss-AJfQA@mail.gmail.com>
To: Alice Russo <arusso@amsl.com>
Cc: frederic.fieau@orange.com, emile.stephan@orange.com, "Mishra, Sanjay" <sanjay.mishra=40verizon.com@dmarc.ietf.org>, cdni-ads@ietf.org, cdni-chairs@ietf.org, kevin.j.ma.ietf@gmail.com, francesca.palombini@ericsson.com, rfc-editor@rfc-editor.org, auth48archive <auth48archive@rfc-editor.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/W6hkkFJ1db6N7jsLyLrrFMYeOOg>
Subject: Re: [auth48] [E] Re: AUTH48: RFC-to-be 9538 <draft-ietf-cdni-delegation-acme-04> for your review

Hi Alice - Thank you and please see response below for the 4 questions:

1) <!--[rfced] May this be rephrased as follows for readability?
>
> Original:
> RFC9115 allows delegating entities to remain in
> full control of the delegation and be able to revoke it any time and
> this avoids the need to share private cryptographic key material
> between the involved entities.
>
> Perhaps:
> Per RFC 9115, delegating entities can remain in
> full control of the delegation and can revoke it at any time.
> This avoids the need to share private cryptographic key material
> between the involved entities.
> -->
> Yes, I approve the new wording as suggested above
>
>
> 2) <!--[rfced] FYI, in Section 1.1, we added mention of "STAR" so that it
> is expanded upon first use. Please let us know if you prefer otherwise.
> (In the original, the first use was in Section 3 - "ACME STAR delegation"
> was followed by explanation but was without a direct expansion.)
>
> Original:
> It also uses
> terminology from Section 1.2 of [RFC8739] and Section 1.1 of
> [RFC9115].
>
> Current:
> It also uses
> terminology from Section 1.2 of [RFC8739] and Section 1.1 of
> [RFC9115], including Short-Term, Automatically Renewed (STAR),
> as applied to X.509 certificates.
> -->
>
> Yes, I approve of the new wording as above.
>
> 3) <!--[rfced] How may this sentence be rephrased for clarity? In particular,
> "allows to specify" is not clear. Also, Section 2.3.1.3 of RFC 9115
> indicates that the CNAME mapping is optional; should this sentence be
> updated to reflect that?
>
> Original:
> | Note: The delegation object defined in Section 2.3.1.3 of
> | [RFC9115] only allows to specify DNS mappings using CNAME RRs.
>
> Perhaps:
> | Note: The delegation object defined in Section 2.3.1.3 of
> | [RFC9115] only allows DNS mappings to be specified using CNAME RRs.
>
> Yes, I approve the above wording as suggested
> Or:
> | Note: The delegation object defined in Section 2.3.1.3 of
> | [RFC9115] allows DNS mappings to be specified using only CNAME RRs.
> -->
>
>
> 4) <!--[rfced] FYI, for readability and precision, we have made the following
> updates: split this into two sentences, changed "criticality around"
> to "criticality of", and changed "which" to "this account".
> Please review and let us know if you prefer otherwise.
>
> Original:
> The reader is expected to understand the ACME delegation trust model
> (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of
> [RFC9115]), in particular the criticality around the protection of
> the user account associated with the delegation, which authorizes all
> the security relevant operations between dCDN and uCDN over the ACME
> channel.
>
> Current:
> The reader is expected to understand the ACME delegation trust model
> (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of
> [RFC9115]). In particular, the reader is expected to understand the
> criticality of the protection of the user account associated with the
> delegation; this account authorizes all the security-relevant
> operations between a dCDN and a uCDN over the ACME channel.
> Yes, I approve of the suggested text.

Thank you very much

Best
Sanjay

On Wed, Feb 7, 2024 at 12:17 PM Alice Russo <arusso@amsl.com> wrote:

> Authors,
>
> Sanjay, thank you for your reply and for letting us know about Frederic's
> reply to the CDNI mailing list.
>
> Please reply to the 4 questions below regarding changes to the text.
>
> The edited document is here:
> https://www.rfc-editor.org/authors/rfc9538.html
> https://www.rfc-editor.org/authors/rfc9538.pdf
> https://www.rfc-editor.org/authors/rfc9538.txt
> https://www.rfc-editor.org/authors/rfc9538.xml (source)
>
> Diff files of all changes from the approved Internet-Draft:
> https://www.rfc-editor.org/authors/rfc9538-diff.html
> https://www.rfc-editor.org/authors/rfc9538-rfcdiff.html (side by side)
>
> This page shows the AUTH48 status of your document:
> https://www.rfc-editor.org/auth48/rfc9538
>
> In addition to the authors' responses to the questions, we hope to hear
> from Emile Stephan, as an approval is needed from each author listed in the
> first-page header of the RFC.
>
> Thank you.
> RFC Editor/ar
>
> On Feb 7, 2024, at 7:21 AM, Mishra, Sanjay <sanjay.mishra=40verizon.com@dmarc.ietf.org> wrote:
>
> Hi Alice - My co-author Frederic Fieau responded approving this draft,
> however, it is a different email thread addressed to cdni@ietf.org so
> as confirmation, I'm responding to this thread, I as a co-author along with
> Emile Stephan and Frederic Fieau have reviewed all changes and approve
> publication of this document as RFC 9538.
>
> We are thankful to co-chair Kevin Ma for his guidance and the AD,
> Francesca Palombini and everyone that contributed and commented to this
> draft and of course a big thanks to the editorial team.
>
> Regards
> Sanjay Mishra
>
> snippet of email from Fred is below:
>
>> frederic.fieau@orange.com
>> 9:41 AM (37 minutes ago)
>> to cdni@ietf.org, me, STEPHAN
>>
>> Dear all,
>>
>> I have reviewed all changes in draft-ietf-cdni-delegation-acme and concur
>> with them.
>> On behalf of the authors, I approve the document for publication
>> as RFC9538.
>>
>> I would like to thank the CDNI WG and all individuals who participated
>> for their valuable contributions throughout the process which has now
>> reached its conclusion for this draft.
>>
>> Regards,
>> Frederic
>>
>
> On Tue, Feb 6, 2024 at 6:12 PM Alice Russo <arusso@amsl.com> wrote:
>
>> Authors,
>>
>> This is a reminder that we await word from you regarding the questions
>> below and this document's readiness for publication as an RFC. The files
>> are here:
>>
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.rfc-2Deditor.org_authors_rfc9538.html&d=DwIFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=_uLNEDcaPBsFXYMA8j5oRepqfLBtLE6RKluO5xkPC-kqNuhB9LwWEVarzV9IR2tN&s=5TzFzGWGUvYktrbM8hNWTP8hhGH7e5HbSUIxNf_TLA0&e=
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.rfc-2Deditor.org_authors_rfc9538.pdf&d=DwIFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=_uLNEDcaPBsFXYMA8j5oRepqfLBtLE6RKluO5xkPC-kqNuhB9LwWEVarzV9IR2tN&s=-ES9wp1LnU6Q7BFV8U-fcv_gUpKgEg8ECmuutDUGb9w&e=
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.rfc-2Deditor.org_authors_rfc9538.txt&d=DwIFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=_uLNEDcaPBsFXYMA8j5oRepqfLBtLE6RKluO5xkPC-kqNuhB9LwWEVarzV9IR2tN&s=6vBNFP8MiPXcTbSU4PnBrPvuXbyaL7ysXKxiedlaDGc&e=
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.rfc-2Deditor.org_authors_rfc9538.xml&d=DwIFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=_uLNEDcaPBsFXYMA8j5oRepqfLBtLE6RKluO5xkPC-kqNuhB9LwWEVarzV9IR2tN&s=QyfJ3JEyXCJaYC3zyThHRZBmzKiYNACxoJ4MArXCUK8&e=
>> (source)
>>
>> Diff files of all changes from the approved Internet-Draft:
>>
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.rfc-2Deditor.org_authors_rfc9538-2Ddiff.html&d=DwIFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=_uLNEDcaPBsFXYMA8j5oRepqfLBtLE6RKluO5xkPC-kqNuhB9LwWEVarzV9IR2tN&s=lHSovOjBUHrLUveLLyMBUoqm_IlAWXB37E8HMdIUZ68&e=
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.rfc-2Deditor.org_authors_rfc9538-2Drfcdiff.html&d=DwIFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=_uLNEDcaPBsFXYMA8j5oRepqfLBtLE6RKluO5xkPC-kqNuhB9LwWEVarzV9IR2tN&s=MjAFFfiY9fQr9Bv5FYsBigSAzexwRe3sL6KOEbvy7PM&e=
>> (side by side)
>>
>> This page shows the AUTH48 status of your document:
>>
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.rfc-2Deditor.org_auth48_rfc9538&d=DwIFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=_uLNEDcaPBsFXYMA8j5oRepqfLBtLE6RKluO5xkPC-kqNuhB9LwWEVarzV9IR2tN&s=-577wxpatCuL4syt5zliTCPSry6dSb98RzaRlHqLg10&e=
>>
>> Thank you.
>> RFC Editor/ar
>>
>> > On Jan 22, 2024, at 10:57 PM, rfc-editor@rfc-editor.org wrote:
>> >
>> > Authors,
>> >
>> > While reviewing this document during AUTH48, please resolve (as necessary) the
>> > following questions, which are also in the XML file.
>> >
>> > 1) <!--[rfced] May this be rephrased as follows for readability?
>> >
>> > Original:
>> > RFC9115 allows delegating entities to remain in
>> > full control of the delegation and be able to revoke it any time and
>> > this avoids the need to share private cryptographic key material
>> > between the involved entities.
>> >
>> > Perhaps:
>> > Per RFC 9115, delegating entities can remain in
>> > full control of the delegation and can revoke it at any time.
>> > This avoids the need to share private cryptographic key material
>> > between the involved entities.
>> > -->
>> >
>> >
>> > 2) <!--[rfced] FYI, in Section 1.1, we added mention of "STAR" so that it
>> > is expanded upon first use. Please let us know if you prefer otherwise.
>> > (In the original, the first use was in Section 3 - "ACME STAR delegation"
>> > was followed by explanation but was without a direct expansion.)
>> >
>> > Original:
>> > It also uses
>> > terminology from Section 1.2 of [RFC8739] and Section 1.1 of
>> > [RFC9115].
>> >
>> > Current:
>> > It also uses
>> > terminology from Section 1.2 of [RFC8739] and Section 1.1 of
>> > [RFC9115], including Short-Term, Automatically Renewed (STAR),
>> > as applied to X.509 certificates.
>> > -->
>> >
>> >
>> > 3) <!--[rfced] How may this sentence be rephrased for clarity? In particular,
>> > "allows to specify" is not clear. Also, Section 2.3.1.3 of RFC 9115
>> > indicates that the CNAME mapping is optional; should this sentence be
>> > updated to reflect that?
>> >
>> > Original:
>> > | Note: The delegation object defined in Section 2.3.1.3 of
>> > | [RFC9115] only allows to specify DNS mappings using CNAME RRs.
>> >
>> > Perhaps:
>> > | Note: The delegation object defined in Section 2.3.1.3 of
>> > | [RFC9115] only allows DNS mappings to be specified using CNAME RRs.
>> >
>> > Or:
>> > | Note: The delegation object defined in Section 2.3.1.3 of
>> > | [RFC9115] allows DNS mappings to be specified using only CNAME RRs.
>> > -->
>> >
>> >
>> > 4) <!--[rfced] FYI, for readability and precision, we have made the following
>> > updates: split this into two sentences, changed "criticality around"
>> > to "criticality of", and changed "which" to "this account".
>> > Please review and let us know if you prefer otherwise.
>> >
>> > Original:
>> > The reader is expected to understand the ACME delegation trust model
>> > (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of
>> > [RFC9115]), in particular the criticality around the protection of
>> > the user account associated with the delegation, which authorizes all
>> > the security relevant operations between dCDN and uCDN over the ACME
>> > channel.
>> >
>> > Current:
>> > The reader is expected to understand the ACME delegation trust model
>> > (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of
>> > [RFC9115]). In particular, the reader is expected to understand the
>> > criticality of the protection of the user account associated with the
>> > delegation; this account authorizes all the security-relevant
>> > operations between a dCDN and a uCDN over the ACME channel.
>> > -->
>> >
>> >
>> > Thank you.
>> >
>> > RFC Editor/ar
>> >