Last Call Review of draft-ietf-acme-authority-token-tnauthlist-07

Request: Review of draft-ietf-acme-authority-token-tnauthlist
Requested revision: No specific revision (document currently at 13)
Type: Last Call Review
Team: General Area Review Team (Gen-ART) (genart)
Deadline: 2021-03-16
Requested: 2021-02-23
Authors: Chris Wendt, David Hancock, Mary Barnes, Jon Peterson
I-D last updated: 2021-03-15
Completed reviews:
  Genart Last Call review of -07 by Pete Resnick
  Secdir Last Call review of -07 by Nancy Cam-Winget
  Artart Telechat review of -08 by Sean Turner
Assignment: Reviewer Pete Resnick
State: Completed
Review: review-ietf-acme-authority-token-tnauthlist-07-genart-lc-resnick-2021-03-15
Posted at:
Reviewed revision: 07 (document currently at 13)
Result: Ready with Nits
Completed: 2021-03-15

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-acme-authority-token-tnauthlist-07
Reviewer: Pete Resnick
Review Date: 2021-03-15
IETF LC End Date: 2021-03-16
IESG Telechat date: Not scheduled for a telechat


Looks fine. Some of the MUSTs look weird or superfluous to me and could
probably use a scrub, and a couple are a bit confusing, but none is so bad that
I would raise them as an "issue"; call them "nits/editorial comments".

Major issues:


Minor issues:


Nits/editorial comments:

Section 1: It's not clear to me what the purpose of the third paragraph in the
intro is. It sounds like it's just describing section 9 of RFC 8226, but it is
not distinguishing it from or comparing it to this document. Is it really

Section 3:

Instead of a reference to 7.4 of RFC 8555, perhaps a reference to section 7
generally would help, or perhaps a reference later in this section to 7.1.4.
Once I got down to the examples, I had to go look at 7.1.4 to familiarize
myself with the operation to understand what I was looking at.

Total nit, and just a personal pet peeve: It always seems silly to me to use
MUST where the meaning of that word is "MUST do what the protocol we are hereby
defining says to do". So instead of "MUST include", it could simply be
"includes", and "MUST be" could be "is" in the two places it occurs. These
three did not cause any significant confusion, whereas the ones in section 4
and 5.4 did cause some (see below). Either way, you should review all of them
in the document and decide what is truly needed.

Section 4:

Where it says, "a CA MUST use the Authority Token challenge type of "tkauth-01"
with a "tkauth-type" of "atc"", I am left to wonder what other choice the CA
might make such that you have to warn it that it MUST use these. Why is "uses"
not sufficient?

Conversely, when you say that the "token-authority" parameter is "optional"
(did you mean OPTIONAL): Is that really true? Is it that it MUST be used "in
cases where the VoIP telephone network requires the CA to identify the Token
Authority" (in which case it's not OPTIONAL), or is that simply an operational
consideration, and protocol-wise it is truly OPTIONAL? On the other hand, the
MAY and MUST at the end of the paragraph seem more appropriately to be "can"
and "can only". And the MUST in the following paragraph seems like another of
the ones in which you could change "MUST respond" to "responds".

Section 5:

The last paragraph seems superfluous.

Section 5.4:

The MUST NOT in the third bullet actually caused me a bit of confusion: I tried
to read it as a requirement of this document. I think you mean "is not" instead
of "MUST NOT be".

Section 5.5:

   The response to the POST request if successful MUST return a 200 OK
   with a JSON body that contains, at a minimum, the TNAuthList...

I think instead you mean:

   The response to the POST request if successful returns a 200 OK with
   a JSON body that MUST contain, at a minimum, the TNAuthList...

Then you won't need the "...however..." bit at the end of the next sentence.

In the last paragraph, why "SHOULD" and not "MUST"?