Ballot for draft-ietf-kitten-pkinit-freshness
Yes
No Objection
Note: This ballot was opened for revision 07 and is now closed.
As mentioned by Scott Bradner in his OPS-DIR review, some words about operational guidance (not implementation guidance) would be welcome: "what kind of message could the operator give to their users to minimize the disruption when errors start popping up". See https://www.ietf.org/mail-archive/web/ops-dir/current/msg02267.html.
This was a Discuss, but I changed it to a comment because we don't need both me and Kathleen holding the same issue: "I am concerned about the issue that Russ Housley raised in his Gen-ART review: bad practices in creating the freshness tokens create a security issue. If this cannot be handled in the way that Russ initially suggested (setting a minimum number of bits) then a proper discussion of the issue and recommendations to avoid the problems need to be included in the security considerations section." Other issues from Russ' Gen-ART review should also be addressed (editorial ones + possible max size).
Thanks for covering my prior discuss with a paragraph provided as an RFC editor note.