[secdir] secdir review of draft-ietf-acme-acme-12

"Scott G. Kelly" <scott@hyperthought.com> Tue, 03 July 2018 00:29 UTC

Return-Path: <scott@hyperthought.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id B02F9130EBF for <secdir@ietfa.amsl.com>; Mon, 2 Jul 2018 17:29:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 8fYvjlb0_l_6 for <secdir@ietfa.amsl.com>; Mon, 2 Jul 2018 17:29:38 -0700 (PDT)
Received: from smtp114.iad3a.emailsrvr.com (smtp114.iad3a.emailsrvr.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D1EE130E99 for <secdir@ietf.org>; Mon, 2 Jul 2018 17:29:38 -0700 (PDT)
Received: from smtp39.relay.iad3a.emailsrvr.com (localhost []) by smtp39.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id C67865C9B; Mon, 2 Jul 2018 20:29:33 -0400 (EDT)
Received: from app51.wa-webapps.iad3a (relay-webapps.rsapps.net []) by smtp39.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id B76795C8B; Mon, 2 Jul 2018 20:29:33 -0400 (EDT)
X-Sender-Id: scott@hyperthought.com
Received: from app51.wa-webapps.iad3a (relay-webapps.rsapps.net []) by (trex/5.7.12); Mon, 02 Jul 2018 20:29:33 -0400
Received: from hyperthought.com (localhost.localdomain []) by app51.wa-webapps.iad3a (Postfix) with ESMTP id A683B400A5; Mon, 2 Jul 2018 20:29:33 -0400 (EDT)
Received: by apps.rackspace.com (Authenticated sender: scott@hyperthought.com, from: scott@hyperthought.com) with HTTP; Mon, 2 Jul 2018 17:29:33 -0700 (PDT)
X-Auth-ID: scott@hyperthought.com
Date: Mon, 2 Jul 2018 17:29:33 -0700 (PDT)
From: "Scott G. Kelly" <scott@hyperthought.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-acme-acme.all@ietf.org
MIME-Version: 1.0
Content-Type: text/plain;charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Importance: Normal
X-Priority: 3 (Normal)
X-Type: plain
Message-ID: <1530577773.679428211@apps.rackspace.com>
X-Mailer: webmail/15.2.1-RC
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/7cMdYq6tlW0e6wn1PYzBQz2m3L4>
Subject: [secdir] secdir review of draft-ietf-acme-acme-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 00:29:41 -0000

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is ready.

This document describes an online certificate enrollment protocol that automates the certificate issuance and verification process. The document currently focuses on the web server use case where the identifier is a domain name. The security considerations section is well-written and detailed. I don't see any issues with this document.