Telechat Review of draft-ietf-acme-acme-07
review-ietf-acme-acme-07-opsdir-telechat-vyncke-2017-10-23-00
| Request | Review of | draft-ietf-acme-acme |
|---|---|---|
| Requested revision | No specific revision (document currently at 18) | |
| Type | Telechat Review | |
| Team | Ops Directorate (opsdir) | |
| Deadline | 2017-10-24 | |
| Requested | 2017-09-27 | |
| Authors | Richard Barnes , Jacob Hoffman-Andrews , Daniel McCarney , James Kasten | |
| I-D last updated | 2017-10-23 | |
| Completed reviews |
Genart Telechat review of -07
by Dale R. Worley
(diff)
Opsdir Telechat review of -07 by Éric Vyncke (diff) Tsvart Telechat review of -08 by Martin Stiemerling (diff) Genart Last Call review of -11 by Dale R. Worley (diff) Genart Telechat review of -12 by Dale R. Worley (diff) Secdir Telechat review of -12 by Scott G. Kelly (diff) Genart Last Call review of -13 by Dale R. Worley (diff) |
|
| Assignment | Reviewer | Éric Vyncke |
| State | Completed | |
| Request | Telechat review on draft-ietf-acme-acme by Ops Directorate Assigned | |
| Reviewed revision | 07 (document currently at 18) | |
| Result | Has issues | |
| Completed | 2017-10-23 |
review-ietf-acme-acme-07-opsdir-telechat-vyncke-2017-10-23-00
I reviewed the document " Automatic Certificate Management Environment (ACME)" (draft-ietf-acme-acme-07) as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the operational area directors. Document editors and WG chairs should treat these comments just like any other last call comments. ACME is a client/server protocol used to obtain certificate via a web domain validation. The protocol includes error message/signaling with well-defined errors which is good. It also includes a way to check the status of any certificate signing request which is also good for operations. Key roll-over are also specified. The section 11 is about 'operational considerations' and its content is also useful. I am puzzled by the lack of version in the protocol itself. There is just a User-Agent string with 'the name and version of the ACME software' of the client but it is not about the version of the protocol. Beside this lack of version, ACME appears like a well-thought protocol taken into consideration operations. -éric