Last Call Review of draft-ietf-acme-ari-06
review-ietf-acme-ari-06-dnsdir-lc-huston-2024-11-23-00
Request | Review of | draft-ietf-acme-ari |
---|---|---|
Requested revision | No specific revision (document currently at 07) | |
Type | Last Call Review | |
Team | DNS Directorate (dnsdir) | |
Deadline | 2024-12-06 | |
Requested | 2024-11-22 | |
Authors | Aaron Gable | |
I-D last updated | 2024-11-23 | |
Completed reviews |
Tsvart Last Call review of -06
by Michael Tüxen
(diff)
Dnsdir Last Call review of -06 by Geoff Huston (diff) Secdir Last Call review of -06 by Shawn M Emery (diff) Genart Last Call review of -07 by Susan Hares Dnsdir Telechat review of -07 by Geoff Huston Secdir Telechat review of -07 by Shawn M Emery |
|
Assignment | Reviewer | Geoff Huston |
State | Completed | |
Request | Last Call review on draft-ietf-acme-ari by DNS Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/dnsdir/1J5hYF9a9b-7fzkoTRwDPeV6fzo | |
Reviewed revision | 06 (document currently at 07) | |
Result | Ready w/nits | |
Completed | 2024-11-23 |
review-ietf-acme-ari-06-dnsdir-lc-huston-2024-11-23-00
Overall the specification is quite reasonable. I have some nots that I feel would improve the readability of the document. 1. Introduction, "All three techniques lead to load clustering for the issuing CA." I'm not sure I see the logic behind this assertion. I can parse this more successfully if the text said "All three techniques may lead to load clustering for the issuing CA due to the inability of the issuing CA to schedule renewal requests". 2. Introductioon: "Allowing issuing CAs to suggest a period in which clients should renew their certificates enables for dynamic time-based load balancing." There is a word missing here - enables WHAT? 3. Introduction, "by which ACME clients may inform ACME servers that a certificate has been renewed and replaced." I'm confused - I thought it was up to the server to renew and replace a certificate, not the client. This sentence suggests the opposite. 4. Section 4.2 RenewalInfo Objects. The structure of this section is not obvious to the reader. I suggest selective indentqation to highlight the structure of the paragraph. For example: The structure of an ACME renewalInfo resource is as follows: - suggestedWindow (object, required): A JSON object with two keys, "start" and "end", whose values are timestamps, encoded in the format specified in [RFC3339], which bound the window of time in which the CA recommends renewing the certificate. 5. Section 5 Extensions to the Order Object The same commect er per section 4.2 - some rudimentary text markup the structure of the paragraph would help. 6. Section 6 Security Considerations. This specification assumes time synchronisation betwEen client and server. It would be useful for the document to note the potential failure modes when client and server are not time-synchronised.