[secdir] secdir last call review of draft-ietf-acme-ip

Dan Harkins <dharkins@lounge.org> Mon, 03 June 2019 01:38 UTC

Date: Sun, 02 Jun 2019 18:37:58 -0700
From: Dan Harkins <dharkins@lounge.org>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-acme-ip.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/PnrgLQpqQCFEaeUHR49QOa8E8LE>

   I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

   The summary of the review is READY.

   This draft adds two new ACME Validation Methods to allow for validation
of IPv4 and IPv6 addresses in X.509 certificates. It is short, simple,
and to the point. The Security Considerations are minimal (basically "see
this other RFC") but given what is being added seem entirely fine.