Re: [auth48] AUTH48: RFC-to-be 9538 <draft-ietf-cdni-delegation-acme-04> for your review
Alice Russo <arusso@amsl.com> Tue, 06 February 2024 23:12 UTC
Return-Path: <arusso@amsl.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44451C14F6E1; Tue, 6 Feb 2024 15:12:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7g80eKFufnVT; Tue, 6 Feb 2024 15:12:40 -0800 (PST)
Received: from c8a.amsl.com (c8a.amsl.com [4.31.198.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1BDFC14F6A0; Tue, 6 Feb 2024 15:12:40 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTP id 90916424B432; Tue, 6 Feb 2024 15:12:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c8a.amsl.com ([127.0.0.1]) by localhost (c8a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dl1x7nL0oSDz; Tue, 6 Feb 2024 15:12:40 -0800 (PST)
Received: from smtpclient.apple (c-76-146-133-47.hsd1.wa.comcast.net [76.146.133.47]) by c8a.amsl.com (Postfix) with ESMTPSA id 37C80424B426; Tue, 6 Feb 2024 15:12:40 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alice Russo <arusso@amsl.com>
In-Reply-To: <20240123065751.D786E199610A@rfcpa.amsl.com>
Date: Tue, 06 Feb 2024 15:12:39 -0800
Cc: cdni-ads@ietf.org, cdni-chairs@ietf.org, kevin.j.ma.ietf@gmail.com, francesca.palombini@ericsson.com, rfc-editor@rfc-editor.org, auth48archive <auth48archive@rfc-editor.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <7566767A-2661-462A-AE1B-2E225ACAA0D7@amsl.com>
References: <20240123065751.D786E199610A@rfcpa.amsl.com>
To: frederic.fieau@orange.com, emile.stephan@orange.com, sanjay.mishra@verizon.com
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/jb31P_qxLBSjNNY1ZZyF7FRy33M>
Subject: Re: [auth48] AUTH48: RFC-to-be 9538 <draft-ietf-cdni-delegation-acme-04> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2024 23:12:46 -0000
Authors, This is a reminder that we await word from you regarding the questions below and this document's readiness for publication as an RFC. The files are here: https://www.rfc-editor.org/authors/rfc9538.html https://www.rfc-editor.org/authors/rfc9538.pdf https://www.rfc-editor.org/authors/rfc9538.txt https://www.rfc-editor.org/authors/rfc9538.xml (source) Diff files of all changes from the approved Internet-Draft: https://www.rfc-editor.org/authors/rfc9538-diff.html https://www.rfc-editor.org/authors/rfc9538-rfcdiff.html (side by side) This page shows the AUTH48 status of your document: https://www.rfc-editor.org/auth48/rfc9538 Thank you. RFC Editor/ar > On Jan 22, 2024, at 10:57 PM, rfc-editor@rfc-editor.org wrote: > > Authors, > > While reviewing this document during AUTH48, please resolve (as necessary) the > following questions, which are also in the XML file. > > 1) <!--[rfced] May this be rephrased as follows for readability? > > Original: > RFC9115 allows delegating entities to remain in > full control of the delegation and be able to revoke it any time and > this avoids the need to share private cryptographic key material > between the involved entities. > > Perhaps: > Per RFC 9115, delegating entities can remain in > full control of the delegation and can revoke it at any time. > This avoids the need to share private cryptographic key material > between the involved entities. > --> > > > 2) <!--[rfced] FYI, in Section 1.1, we added mention of "STAR" so that it > is expanded upon first use. Please let us know if you prefer otherwise. > (In the original, the first use was in Section 3 - "ACME STAR delegation" > was followed by explanation but was without a direct expansion.) > > Original: > It also uses > terminology from Section 1.2 of [RFC8739] and Section 1.1 of > [RFC9115]. > > Current: > It also uses > terminology from Section 1.2 of [RFC8739] and Section 1.1 of > [RFC9115], including Short-Term, Automatically Renewed (STAR), > as applied to X.509 certificates. > --> > > > 3) <!--[rfced] How may this sentence be rephrased for clarity? In particular, > "allows to specify" is not clear. Also, Section 2.3.1.3 of RFC 9115 > indicates that the CNAME mapping is optional; should this sentence be > updated to reflect that? > > Original: > | Note: The delegation object defined in Section 2.3.1.3 of > | [RFC9115] only allows to specify DNS mappings using CNAME RRs. > > Perhaps: > | Note: The delegation object defined in Section 2.3.1.3 of > | [RFC9115] only allows DNS mappings to be specified using CNAME RRs. > > Or: > | Note: The delegation object defined in Section 2.3.1.3 of > | [RFC9115] allows DNS mappings to be specified using only CNAME RRs. > --> > > > 4) <!--[rfced] FYI, for readability and precision, we have made the following > updates: split this into two sentences, changed "criticality around" > to "criticality of", and changed "which" to "this account". > Please review and let us know if you prefer otherwise. > > Original: > The reader is expected to understand the ACME delegation trust model > (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of > [RFC9115]), in particular the criticality around the protection of > the user account associated with the delegation, which authorizes all > the security relevant operations between dCDN and uCDN over the ACME > channel. > > Current: > The reader is expected to understand the ACME delegation trust model > (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of > [RFC9115]). In particular, the reader is expected to understand the > criticality of the protection of the user account associated with the > delegation; this account authorizes all the security-relevant > operations between a dCDN and a uCDN over the ACME channel. > --> > > > Thank you. > > RFC Editor/ar > > > On Jan 22, 2024, rfc-editor@rfc-editor.org wrote: > > *****IMPORTANT***** > > Updated 2024/01/22 > > RFC Author(s): > -------------- > > Instructions for Completing AUTH48 > > Your document has now entered AUTH48. Once it has been reviewed and > approved by you and all coauthors, it will be published as an RFC. > If an author is no longer available, there are several remedies > available as listed in the FAQ (https://www.rfc-editor.org/faq/). > > You and you coauthors are responsible for engaging other parties > (e.g., Contributors or Working Group) as necessary before providing > your approval. > > Planning your review > --------------------- > > Please review the following aspects of your document: > > * RFC Editor questions > > Please review and resolve any questions raised by the RFC Editor > that have been included in the XML file as comments marked as > follows: > > <!-- [rfced] ... --> > > These questions will also be sent in a subsequent email. > > * Changes submitted by coauthors > > Please ensure that you review any changes submitted by your > coauthors. We assume that if you do not speak up that you > agree to changes submitted by your coauthors. > > * Content > > Please review the full content of the document, as this cannot > change once the RFC is published. Please pay particular attention to: > - IANA considerations updates (if applicable) > - contact information > - references > > * Copyright notices and legends > > Please review the copyright notice and legends as defined in > RFC 5378 and the Trust Legal Provisions > (TLP – https://trustee.ietf.org/license-info/). > > * Semantic markup > > Please review the markup in the XML file to ensure that elements of > content are correctly tagged. For example, ensure that <sourcecode> > and <artwork> are set correctly. See details at > <https://authors.ietf.org/rfcxml-vocabulary>. > > * Formatted output > > Please review the PDF, HTML, and TXT files to ensure that the > formatted output, as generated from the markup in the XML file, is > reasonable. Please note that the TXT will have formatting > limitations compared to the PDF and HTML. > > > Submitting changes > ------------------ > > To submit changes, please reply to this email using ‘REPLY ALL’ as all > the parties CCed on this message need to see your changes. The parties > include: > > * your coauthors > > * rfc-editor@rfc-editor.org (the RPC team) > > * other document participants, depending on the stream (e.g., > IETF Stream participants are your working group chairs, the > responsible ADs, and the document shepherd). > > * auth48archive@rfc-editor.org, which is a new archival mailing list > to preserve AUTH48 conversations; it is not an active discussion > list: > > * More info: > https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc > > * The archive itself: > https://mailarchive.ietf.org/arch/browse/auth48archive/ > > * Note: If only absolutely necessary, you may temporarily opt out > of the archiving of messages (e.g., to discuss a sensitive matter). > If needed, please add a note at the top of the message that you > have dropped the address. When the discussion is concluded, > auth48archive@rfc-editor.org will be re-added to the CC list and > its addition will be noted at the top of the message. > > You may submit your changes in one of two ways: > > An update to the provided XML file > — OR — > An explicit list of changes in this format > > Section # (or indicate Global) > > OLD: > old text > > NEW: > new text > > You do not need to reply with both an updated XML file and an explicit > list of changes, as either form is sufficient. > > We will ask a stream manager to review and approve any changes that seem > beyond editorial in nature, e.g., addition of new text, deletion of text, > and technical changes. Information about stream managers can be found in > the FAQ. Editorial changes do not require approval from a stream manager. > > > Approving for publication > -------------------------- > > To approve your RFC for publication, please reply to this email stating > that you approve this RFC for publication. Please use ‘REPLY ALL’, > as all the parties CCed on this message need to see your approval. > > > Files > ----- > > The files are available here: > https://www.rfc-editor.org/authors/rfc9538.xml > https://www.rfc-editor.org/authors/rfc9538.html > https://www.rfc-editor.org/authors/rfc9538.pdf > https://www.rfc-editor.org/authors/rfc9538.txt > > Diff file of the text: > https://www.rfc-editor.org/authors/rfc9538-diff.html > https://www.rfc-editor.org/authors/rfc9538-rfcdiff.html (side by side) > > Diff of the XML: > https://www.rfc-editor.org/authors/rfc9538-xmldiff1.html > > > Tracking progress > ----------------- > > The details of the AUTH48 status of your document are here: > https://www.rfc-editor.org/auth48/rfc9538 > > Please let us know if you have any questions. > > Thank you for your cooperation, > > RFC Editor > > -------------------------------------- > RFC9538 (draft-ietf-cdni-delegation-acme-04) > > Title : Content Delivery Network Interconnection (CDNI) Delegation Using the Automated Certificate Management Environment > Author(s) : F. Fieau, Ed., S. Emile, S. Mishra > WG Chair(s) : Kevin J. Ma, Sanjay Mishra > Area Director(s) : Murray Kucherawy, Francesca Palombini >
- [auth48] AUTH48: RFC-to-be 9538 <draft-ietf-cdni-… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9538 <draft-ietf-c… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9538 <draft-ietf-c… Alice Russo
- Re: [auth48] [E] Re: AUTH48: RFC-to-be 9538 <draf… Mishra, Sanjay
- Re: [auth48] AUTH48: RFC-to-be 9538 <draft-ietf-c… Alice Russo
- Re: [auth48] [E] Re: AUTH48: RFC-to-be 9538 <draf… Mishra, Sanjay
- Re: [auth48] AUTH48: RFC-to-be 9538 <draft-ietf-c… Alice Russo
- Re: [auth48] [E] Re: AUTH48: RFC-to-be 9538 <draf… Mishra, Sanjay
- Re: [auth48] [E] Re: AUTH48: RFC-to-be 9538 <draf… emile.stephan
- [auth48] question - Re: AUTH48: RFC-to-be 9538 <d… Alice Russo
- Re: [auth48] question - Re: AUTH48: RFC-to-be 953… frederic.fieau
- Re: [auth48] question - Re: AUTH48: RFC-to-be 953… Alice Russo