[Gen-art] Genart last call review of draft-ietf-acme-email-smime-08

Peter Yee via Datatracker <noreply@ietf.org> Thu, 09 July 2020 08:21 UTC

From: Peter Yee via Datatracker <noreply@ietf.org>
To: gen-art@ietf.org
Cc: draft-ietf-acme-email-smime.all@ietf.org, last-call@ietf.org, acme@ietf.org
Message-ID: <159428288280.21264.7200695250082171545@ietfa.amsl.com>
Reply-To: Peter Yee <peter@akayla.com>
Date: Thu, 09 Jul 2020 01:21:22 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/0-VruvkzodQPO6LV0Gl0hhwY_as>

Reviewer: Peter Yee
Review result: Ready with Issues

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-acme-email-smime-08
Reviewer: Peter Yee
Review Date: 2020-07-09
IETF LC End Date: 2020-07-09
IESG Telechat date: Not scheduled for a telechat

Summary: This Informational Track draft defines an ACME challenge to be used in
the issuance of S/MIME certificates. I have points I'd like to see clarified as
well as some nits that need to be cleaned up before I would declare it ready.
[Ready with Issues]

Major issues: None

Minor issues:

General: this draft doesn’t frame the operation of the ACME request that uses
this challenge. It mentions a token-part2 that magically arrives over HTTPS,
but gives no indication of why this happened or what causes the generation of
the email challenge. Some context around when this challenge is invoked and
what signals the ACME server that this challenge is required would be helpful.

Page 3, 1st enumerated item: I find the definition of “first part of the token”
to be far looser than it needs to be. You merely say that it needs to contain
64 bits of entropy. Is there an upper bound? Do you need to say anything about
it not being reused in another challenge?

Page 4, example Subject header field: it would be much better if you gave an
actual example of a base64url-encoded value here rather than some explanatory
text in much the same way you have given actual, legal values for Date,
Message-ID, etc.

Page 5, section 3.2, 1st enumerated item, 1st sentence: it doesn’t seem like
you particularly care what is in front of “ACME:”. While you say it’s typically
“Re:”, it could be anything. Would there ever be a case to reject a response
message based on what appears before “ACME:”? I’d like to see a little more
rigor here on what’s required. Some characters followed by a colon and a white
space before the “ACME:” suffices?

Page 5, section 3.2, 6th enumerated item, 2nd sentence: where it says
“calculated based on”…, it would be preferable to point back to page 3, 2nd
enumerated item where you explicitly indicate that the two token parts are
concatenated.

Page 5, section 3.2, 6th enumerated item, last sentence: I’m assuming that
ACME-unaware clients are only receiving this email in the case of the email
being bounced to an administrator or returned to the user. In either case, it’s
not the client that will be reading this outside-the-block text, it’s a user.
There’s no processing to be done on that text.

Page 7, example Subject header field: use a real value here, please.

Nits/editorial comments:

Page 2, Section 1, 2nd paragraph, change "end user" to "end-user".

Page 2, section 3, 1st paragraph, 1st sentence: insert "a" before "dns".

Page 3, 2nd paragraph, insert "the" before "email".

Page 3, 1st enumerated item, 1st sentence: insert "The" at the beginning of the
sentence. Change "bit" to "bits".

Page 3, 1st enumerated item, 2nd sentence: change "bit" to "bits".

Page 3, 2nd enumerated item, 1st sentence: insert "The" at the beginning of the
sentence. Change “key-authz” to “keyAuthorization”.

Page 3, 3rd paragraph (the one immediately following the first two enumerated
items): insert “the” before “CSR”.

Page 3, section 3.1, 1st enumerated item, 1st sentence: append a comma and
“which” after “<token-part1>”. Change “bit” to “bits”.

Page 3, section 3.1, 1st enumerated item, 2nd sentence: insert “the” before
“recommended”. Change “78 octet” to “78-octet”.

Page 3, section 3.1, 1st enumerated item, 3rd sentence: insert “the message”
before “subject”. Change “subject” to “Subject”. Append “header field” after
“Subject”. Append a comma after “i.e.”.

Page 3, section 3.1, 2nd enumerated item: insert “the” before “S/MIME”.

Page 3, section 3.1, 3rd enumerated item: insert “a” before “Reply-To”.

Page 4, section 3.1, 4th enumerated item, 2nd sentence: insert “the” before
“type=acme”.

Page 4, section 3.1, 4th enumerated item, 3rd sentence: insert “the” before
“syntax”. Insert “the” before “Auto-Submitted”.

Page 4, section 3.1, 5th enumerated item: this is a repeat of item 3 on page 3
and should be deleted.

Page 4, section 3.1, 6th enumerated item, 2nd sentence: insert “the” before
“From”. Append a comma after “Content-Type”.

Page 4, section 3.1, 7th enumerated item, 4th sentence: insert “a” before
“human”. Change the space after “human” to a hyphen.

Page 4, section 3.1, 7th enumerated item, 5th sentence: insert “the” before
“multipart/signed”.

Page 4, section 3.1, 1st paragraph after enumerated items: insert “An” before
“Example”. Change “Example” to “example”.

Page 4, example body text, 2nd sentence: delete “an” before “S/MIME”.

Page 5, section 3.2, 1st enumerated item, 2nd sentence: change “bit” to “bits”.

Page 5, section 3.2, 1st enumerated item, 3rd sentence: insert “the” before
“recommended”. Change “78 octet” to “78-octet”.

Page 5, section 3.2, 1st enumerated item, 4th sentence: insert “the message”
before “subject”. Change “subject” to “Subject”. Append “header field” after
“Subject”. Append a comma after “i.e.”.

Page 5, section 3.2, 6th enumerated item, 1st sentence: insert “The” at the
beginning of the sentence. Change “Media” to “media”.

Page 5, section 3.2, 6th enumerated item, 2nd sentence: insert “the” before
“base64url”. Change the space after “base64url” to a hyphen.

Page 5, section 3.2, 6th enumerated item, 3rd sentence: change “historic” to
“historical”. Delete the period that follows the closing parenthesis.

Page 5, section 3.2, 6th enumerated item, 4th sentence: change “the” to “a”
before “line containing”.

Page 6, section 3.2, 8th enumerated item, 2nd sentence: insert “the” before
“From”. Append a comma after “Content-Type”.

Page 6, 1st paragraph after the enumerated items: insert “An” before “Example”.
Change “Example” to “example”.

Page 6, section 4, 2nd paragraph: change “non ASCII” to “non-ASCII”.

Page 7, section 6, 2nd paragraph, 1st sentence: insert “The” before “Security”.
Change “Security” to “security”. Insert “the” before “email-reply-00”. Insert
“the” before “security of”. Insert “the” before “email system”.

Page 7, section 6, 2nd paragraph, 2nd sentence: insert “a” before “user’s”.
Change “feature” to “features”.

Page 7, section 6, 3rd paragraph, 1st sentence: insert “An” before “Email”.
Change “Email” to “email”.

Page 10, Appendix A: delete an excess space after “v.”. Append a period
after the “A” in “James A Baker”. Append a comma after “Schwartz”. Append a
comma after “comments”.
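As an added illustration of the Subject-parsing and token-concatenation points raised in the review above (example code, not from the draft or the reviewer): a parser that accepts any prefix before “ACME:”, enforces the draft’s 64-bit lower bound on token-part1, refuses token reuse, and builds the RFC 8555 key authorization from the concatenated token parts. The regular expression, the reuse registry and the constructed thumbprint bytes are this example’s own assumptions.

```python
import base64
import re
import secrets

# Added example (not from the draft or the review). Assumption: the Subject
# carries "ACME: <token-part1>" after an arbitrary, unconstrained prefix
# (typically "Re:"), which is exactly the looseness the review points out.
MIN_TOKEN_BITS = 64  # the draft's stated lower bound on token-part1 entropy

# Anchor on "ACME:" as a whole word; whatever precedes it is ignored.
SUBJECT_RE = re.compile(r"\bACME:\s*([A-Za-z0-9_-]+)\s*$")


def b64url_decode(s: str) -> bytes:
    """Decode unpadded base64url, rejecting padding or foreign characters."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", s):
        raise ValueError("not unpadded base64url")
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def extract_token_part1(subject: str) -> str:
    """Return token-part1 from a Subject line, whatever precedes 'ACME:'.

    Enforces the 64-bit lower bound (8 decoded octets) that the draft states;
    the draft gives no upper bound, so none is applied here.
    """
    m = SUBJECT_RE.search(subject)
    if not m:
        raise ValueError("Subject does not carry an ACME token")
    part1 = m.group(1)
    if len(b64url_decode(part1)) * 8 < MIN_TOKEN_BITS:
        raise ValueError("token-part1 is shorter than 64 bits")
    return part1


def issue_token_part1(seen: set, nbytes: int = 16) -> str:
    """Server side (assumed): mint a fresh token-part1, never reusing a value."""
    while True:
        part1 = base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode()
        if part1 not in seen:
            seen.add(part1)
            return part1


def key_authorization(part1: str, part2: str, account_jwk_thumbprint: bytes) -> str:
    """RFC 8555 key authorization: token '.' base64url(JWK thumbprint).

    The token is token-part1 followed by token-part2, as the draft describes.
    """
    token = part1 + part2
    thumb = base64.urlsafe_b64encode(account_jwk_thumbprint).rstrip(b"=").decode()
    return f"{token}.{thumb}"
```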