[secdir] Secdir last call review of draft-ietf-acme-tls-alpn-06

Daniel Migault via Datatracker <noreply@ietf.org> Thu, 26 September 2019 03:18 UTC

From: Daniel Migault via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: draft-ietf-acme-tls-alpn.all@ietf.org, acme@ietf.org, ietf@ietf.org
Reply-To: Daniel Migault <daniel.migault@ericsson.com>
Message-ID: <156946788383.28879.9452952567486964215@ietfa.amsl.com>
Date: Wed, 25 Sep 2019 20:18:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Ex88DBYthpsXjtU4wJcT6zcVmc8>
Subject: [secdir] Secdir last call review of draft-ietf-acme-tls-alpn-06

Reviewer: Daniel Migault
Review result: Ready


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready.

My only comment was that the text above may need some clarification.
"""This separation of layers can improve security and usability of ACME
validation.""" More specifically, it was unclear to me if the improvement
concerns the presented challenge versus the other ones (DNS or HTTP) or
something else.