Telechat Review of draft-ietf-acme-acme-07
review-ietf-acme-acme-07-opsdir-telechat-vyncke-2017-10-23-00

Request Review of draft-ietf-acme-acme
Requested rev. no specific revision (document currently at 08)
Type Telechat Review
Team Ops Directorate (opsdir)
Deadline 2017-10-24
Requested 2017-09-27
Other Reviews Genart Telechat review of -07 by Dale Worley (diff)
Review State Completed
Reviewer Eric Vyncke
Review review-ietf-acme-acme-07-opsdir-telechat-vyncke-2017-10-23
Posted at https://www.ietf.org/mail-archive/web/ops-dir/current/msg02909.html
Reviewed rev. 07 (document currently at 08)
Review result Has Issues
Draft last updated 2017-10-23
Review closed: 2017-10-23

Review
review-ietf-acme-acme-07-opsdir-telechat-vyncke-2017-10-23

I reviewed the document " Automatic Certificate Management Environment (ACME)" (draft-ietf-acme-acme-07) as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG.

 

These comments were written primarily for the benefit of the operational area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

 

ACME is a client/server protocol used to obtain certificate via a web domain validation.

 

The protocol includes error message/signaling with well-defined errors which is good. It also includes a way to check the status of any certificate signing request which is also good for operations. Key roll-over are also specified.

 

The section 11 is about 'operational considerations' and its content is also useful.

 

I am puzzled by the lack of version in the protocol itself. There is just a User-Agent string with 'the name and version of the ACME software' of the client but it is not about the version of the protocol.

 

Beside this lack of version, ACME appears like a well-thought protocol taken into consideration operations.

 

-éric