Telechat Review of draft-ietf-acme-acme-07
I reviewed the document " Automatic Certificate Management Environment (ACME)" (draft-ietf-acme-acme-07) as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the operational area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
ACME is a client/server protocol used to obtain certificate via a web domain validation.
The protocol includes error message/signaling with well-defined errors which is good. It also includes a way to check the status of any certificate signing request which is also good for operations. Key roll-over are also specified.
The section 11 is about 'operational considerations' and its content is also useful.
I am puzzled by the lack of version in the protocol itself. There is just a User-Agent string with 'the name and version of the ACME software' of the client but it is not about the version of the protocol.
Beside this lack of version, ACME appears like a well-thought protocol taken into consideration operations.