Re: [auth48] [E] Re: AUTH48: RFC-to-be 9538 <draft-ietf-cdni-delegation-acme-04> for your review

emile.stephan@orange.com Wed, 07 February 2024 18:53 UTC

To: "Mishra, Sanjay" <sanjay.mishra@verizon.com>, Alice Russo <arusso@amsl.com>
CC: FIEAU Frédéric INNOV/NET <frederic.fieau@orange.com>, "Mishra, Sanjay" <sanjay.mishra=40verizon.com@dmarc.ietf.org>, "cdni-ads@ietf.org" <cdni-ads@ietf.org>, "cdni-chairs@ietf.org" <cdni-chairs@ietf.org>, "kevin.j.ma.ietf@gmail.com" <kevin.j.ma.ietf@gmail.com>, "francesca.palombini@ericsson.com" <francesca.palombini@ericsson.com>, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>, auth48archive <auth48archive@rfc-editor.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/aeHRgPTZem4ce5iYI-AxH7JgbHk>

Hi Alice

I hope you are well.

I approve the 4 new wordings suggested below.

Tell me if you expect a more detailed answer.

Kind regards
Emile



From: Mishra, Sanjay <sanjay.mishra@verizon.com>
Sent: Wednesday, 7 February 2024 18:31
To: Alice Russo <arusso@amsl.com>
Cc: FIEAU Frédéric INNOV/NET <frederic.fieau@orange.com>; STEPHAN Emile INNOV/NET <emile.stephan@orange.com>; Mishra, Sanjay <sanjay.mishra=40verizon.com@dmarc.ietf.org>; cdni-ads@ietf.org; cdni-chairs@ietf.org; kevin.j.ma.ietf@gmail.com; francesca.palombini@ericsson.com; rfc-editor@rfc-editor.org; auth48archive <auth48archive@rfc-editor.org>
Subject: Re: [E] Re: AUTH48: RFC-to-be 9538 <draft-ietf-cdni-delegation-acme-04> for your review

Hi Alice - Thank you and please see response below for the 4 questions:

1) <!--[rfced] May this be rephrased as follows for readability?

Original:
   RFC9115 allows delegating entities to remain in
   full control of the delegation and be able to revoke it any time and
   this avoids the need to share private cryptographic key material
   between the involved entities.

Perhaps:
   Per RFC 9115, delegating entities can remain in
   full control of the delegation and can revoke it at any time.
   This avoids the need to share private cryptographic key material
   between the involved entities.
-->
Yes, I approve the new wording as suggested above



2) <!--[rfced] FYI, in Section 1.1, we added mention of "STAR" so that it
is expanded upon first use. Please let us know if you prefer otherwise.
(In the original, the first use was in Section 3 - "ACME STAR delegation"
was followed by explanation but was without a direct expansion.)

Original:
   It also uses
   terminology from Section 1.2 of [RFC8739] and Section 1.1 of
   [RFC9115].

Current:
   It also uses
   terminology from Section 1.2 of [RFC8739] and Section 1.1 of
   [RFC9115], including Short-Term, Automatically Renewed (STAR),
   as applied to X.509 certificates.
-->
Yes, I approve of the new wording as above.

3) <!--[rfced] How may this sentence be rephrased for clarity? In particular,
"allows to specify" is not clear. Also, Section 2.3.1.3 of RFC 9115
indicates that the CNAME mapping is optional; should this sentence be
updated to reflect that?

Original:
      |   Note: The delegation object defined in Section 2.3.1.3 of
      |  [RFC9115] only allows to specify DNS mappings using CNAME RRs.

Perhaps:
      |   Note: The delegation object defined in Section 2.3.1.3 of
      |  [RFC9115] only allows DNS mappings to be specified using CNAME RRs.
Yes, I approve the above wording as suggested

Or:
      |   Note: The delegation object defined in Section 2.3.1.3 of
      |  [RFC9115] allows DNS mappings to be specified using only CNAME RRs.
-->

4) <!--[rfced] FYI, for readability and precision, we have made the following
updates: split this into two sentences, changed "criticality around"
to "criticality of", and changed "which" to "this account".
Please review and let us know if you prefer otherwise.

Original:
   The reader is expected to understand the ACME delegation trust model
   (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of
   [RFC9115]), in particular the criticality around the protection of
   the user account associated with the delegation, which authorizes all
   the security relevant operations between dCDN and uCDN over the ACME
   channel.

Current:
   The reader is expected to understand the ACME delegation trust model
   (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of
   [RFC9115]).  In particular, the reader is expected to understand the
   criticality of the protection of the user account associated with the
   delegation; this account authorizes all the security-relevant
   operations between a dCDN and a uCDN over the ACME channel.

Yes, I approve of the suggested text.

Thank you very much
Best
Sanjay

On Wed, Feb 7, 2024 at 12:17 PM Alice Russo <arusso@amsl.com> wrote:
Authors,

Sanjay, thank you for your reply and for letting us know about Frederic's reply to the CDNI mailing list.

Please reply to the 4 questions below regarding changes to the text.

The edited document is here:
  https://www.rfc-editor.org/authors/rfc9538.html
  https://www.rfc-editor.org/authors/rfc9538.pdf
  https://www.rfc-editor.org/authors/rfc9538.txt
  https://www.rfc-editor.org/authors/rfc9538.xml (source)

Diff files of all changes from the approved Internet-Draft:
  https://www.rfc-editor.org/authors/rfc9538-diff.html
  https://www.rfc-editor.org/authors/rfc9538-rfcdiff.html (side by side)

This page shows the AUTH48 status of your document:
  https://www.rfc-editor.org/auth48/rfc9538

In addition to the authors' responses to the questions, we hope to hear from Emile Stephan, as an approval is needed from each author listed in the first-page header of the RFC.

Thank you.
RFC Editor/ar


On Feb 7, 2024, at 7:21 AM, Mishra, Sanjay <sanjay.mishra=40verizon.com@dmarc.ietf.org> wrote:

Hi Alice - My co-author Frederic Fieau responded approving this draft; however, it is a different email thread addressed to cdni@ietf.org, so as confirmation, I'm responding to this thread: I, as a co-author along with Emile Stephan and Frederic Fieau, have reviewed all changes and approve publication of this document as RFC 9538.

We are thankful to co-chair Kevin Ma for his guidance and the AD, Francesca Palombini and everyone that contributed and commented to this draft and of course a big thanks to the editorial team.

Regards
Sanjay Mishra

snippet of email from Fred is below:
frederic.fieau@orange.com
9:41 AM (37 minutes ago)
to cdni@ietf.org, me, STEPHAN

Dear all,

I have reviewed all changes in draft-ietf-cdni-delegation-acme and concur with them. On behalf of the authors, I approve the document for publication as RFC9538.

I would like to thank the CDNI WG and all individuals who participated for their valuable contributions throughout the process which has now reached its conclusion for this draft.

Regards,
Frederic

On Tue, Feb 6, 2024 at 6:12 PM Alice Russo <arusso@amsl.com> wrote:
Authors,

This is a reminder that we await word from you regarding the questions below and this document's readiness for publication as an RFC. The files are here:

  https://www.rfc-editor.org/authors/rfc9538.html
  https://www.rfc-editor.org/authors/rfc9538.pdf
  https://www.rfc-editor.org/authors/rfc9538.txt
  https://www.rfc-editor.org/authors/rfc9538.xml  (source)

Diff files of all changes from the approved Internet-Draft:
  https://www.rfc-editor.org/authors/rfc9538-diff.html
  https://www.rfc-editor.org/authors/rfc9538-rfcdiff.html  (side by side)

This page shows the AUTH48 status of your document:
  https://www.rfc-editor.org/auth48/rfc9538

Thank you.
RFC Editor/ar

> On Jan 22, 2024, at 10:57 PM, rfc-editor@rfc-editor.org wrote:
>
> Authors,
>
> While reviewing this document during AUTH48, please resolve (as necessary) the
> following questions, which are also in the XML file.
>
> 1) <!--[rfced] May this be rephrased as follows for readability?
>
> Original:
>   RFC9115 allows delegating entities to remain in
>   full control of the delegation and be able to revoke it any time and
>   this avoids the need to share private cryptographic key material
>   between the involved entities.
>
> Perhaps:
>   Per RFC 9115, delegating entities can remain in
>   full control of the delegation and can revoke it at any time.
>   This avoids the need to share private cryptographic key material
>   between the involved entities.
> -->
>
>
> 2) <!--[rfced] FYI, in Section 1.1, we added mention of "STAR" so that it
> is expanded upon first use. Please let us know if you prefer otherwise.
> (In the original, the first use was in Section 3 - "ACME STAR delegation"
> was followed by explanation but was without a direct expansion.)
>
> Original:
>   It also uses
>   terminology from Section 1.2 of [RFC8739] and Section 1.1 of
>   [RFC9115].
>
> Current:
>   It also uses
>   terminology from Section 1.2 of [RFC8739] and Section 1.1 of
>   [RFC9115], including Short-Term, Automatically Renewed (STAR),
>   as applied to X.509 certificates.
> -->
>
>
> 3) <!--[rfced] How may this sentence be rephrased for clarity? In particular,
> "allows to specify" is not clear. Also, Section 2.3.1.3 of RFC 9115
> indicates that the CNAME mapping is optional; should this sentence be
> updated to reflect that?
>
> Original:
>      |   Note: The delegation object defined in Section 2.3.1.3 of
>      |  [RFC9115] only allows to specify DNS mappings using CNAME RRs.
>
> Perhaps:
>      |   Note: The delegation object defined in Section 2.3.1.3 of
>      |  [RFC9115] only allows DNS mappings to be specified using CNAME RRs.
>
> Or:
>      |   Note: The delegation object defined in Section 2.3.1.3 of
>      |  [RFC9115] allows DNS mappings to be specified using only CNAME RRs.
> -->
>
>
> 4) <!--[rfced] FYI, for readability and precision, we have made the following
> updates: split this into two sentences, changed "criticality around"
> to "criticality of", and changed "which" to "this account".
> Please review and let us know if you prefer otherwise.
>
> Original:
>   The reader is expected to understand the ACME delegation trust model
>   (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of
>   [RFC9115]), in particular the criticality around the protection of
>   the user account associated with the delegation, which authorizes all
>   the security relevant operations between dCDN and uCDN over the ACME
>   channel.
>
> Current:
>   The reader is expected to understand the ACME delegation trust model
>   (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of
>   [RFC9115]).  In particular, the reader is expected to understand the
>   criticality of the protection of the user account associated with the
>   delegation; this account authorizes all the security-relevant
>   operations between a dCDN and a uCDN over the ACME channel.
> -->
>
>
> Thank you.
>
> RFC Editor/ar
>