Re: [CDNi] Review of draft-ietf-cdni-delegation-acme-00

[frederic.fieau@orange.com]

Hi Thomas,


Yes you're right. I took it into account.


regards,

Frédéric

________________________________
De : Thomas Fossati <Thomas.Fossati@arm.com>
Envoyé : lundi 13 février 2023 19:30:31
À : FIEAU Frédéric INNOV/NET; cdni@ietf.org
Objet : Re: Review of draft-ietf-cdni-delegation-acme-00

Hi Fred,

Thanks very much for addressing my comments.

The last suggestion I have is to change the “lifetime” and “lifetime-adjust” attributes to “star-lifetime” and “star-lifetime-adjust”.
This makes it is visually evident when a delegation is STAR vs non-STAR.
(Of course this is a non-blocking & completely debatable piece of advice 😊)

Cheers, t

PS: I’ve left a PR on your repo with a couple of typographic fixes.



On 10/02/2023, 18:56, "frederic.fieau@orange.com" <frederic.fieau@orange.com> wrote:


Hi Thomas,



Thank you for your review and comments.

I made the following changes on the Github https://github.com/FredericFi/cdni-wg/blob/main/draft-ietf-cdni-delegation-acme.md

If no further remarks, I will post the draft in the next days.



Thanks!

Frederic




> I just realised I had another comment that got lost in the translation

> between my notes and the email... which is: the lifetime-adjust property

> should be optional rather than mandatory, to mirror the STAR definitions

> in Section 3.1.1 [1].



Done



> ## abstract

>

> * why plural "metadata objects"?  Suggestion:

>

> OLD

>

> Specifically, this document defines CDNI Metadata interface objects to

> enable delegation of X.509 certificates leveraging delegation schemes

> defined in RFC9115.

>

> NEW

>

> Specifically, this document defines a CDNI Metadata interface object

> to enable delegation of X.509 certificates leveraging delegation

> schemes defined in RFC9115.

>

>



Done



> * expand FCI on first use:

>

>  Section 2 presents delegation metadata for the FCI interface.



Done




> * typo (extra “to”)

>

>   When a uCDN delegates to a dCDN to deliver HTTPS traffic using DNS

>   Redirection [RFC7975],

>

>   When a uCDN delegates a dCDN to delivery of HTTPS traffic using DNS

>   Redirection [RFC7975],

>

>



Done



> * typo (missing parentheses):

>

> OLD

>

>    The ACMEDelegationMethod applies to both ACME STAR delegation,

>    which provides a delegation model based on short-term certificates

>    with automatic renewal Section 2.3.2 of [RFC9115], and non-STAR

>    delegation, which allows delegation between CDNs using long-term

>    certificates Section 2.3.3 of [RFC9115].

>

> NEW

>

>    The ACMEDelegationMethod applies to both ACME STAR delegation,

>    which provides a delegation model based on short-term certificates

>    with automatic renewal (Section 2.3.2 of [RFC9115]), and non-STAR

>    delegation, which allows delegation between CDNs using long-term

>    certificates (Section 2.3.3 of [RFC9115]).

>



Done



> ## §3.1

>

> * this seems to suggest that the consumer can tell STAR and non-STAR

>   based on "delegation certificate validity", but it's not clear to me

>   what that means.

>

>    The ACMEDelegationMethod object allows a uCDN to both define STAR

>    and non-STAR delegation depending on the delegation certificate

>    validity.

>

>   From the following examples (§3.1.1) I gather there's an implicit

>   way to distinguish based on the presence/absence of the lifetime*

>   properties.  Is that what was intended?  If so, it should be

>   clarified.



Done





_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.