Skip to main content

Last Call Review of draft-ietf-acme-authority-token-tnauthlist-07

Request Review of draft-ietf-acme-authority-token-tnauthlist
Requested revision No specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2021-03-16
Requested 2021-02-23
Authors Chris Wendt , David Hancock , Mary Barnes , Jon Peterson
I-D last updated 2021-03-25
Completed reviews Genart Last Call review of -07 by Pete Resnick (diff)
Secdir Last Call review of -07 by Nancy Cam-Winget (diff)
Artart Telechat review of -08 by Sean Turner (diff)
Assignment Reviewer Nancy Cam-Winget
State Completed
Review review-ietf-acme-authority-token-tnauthlist-07-secdir-lc-cam-winget-2021-03-25
Posted at
Reviewed revision 07 (document currently at 13)
Result Has Nits
Completed 2021-03-25
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes the extensions to ACME to allow for a third party Token
Authority also act as the authority and authorization of entities to control a
resource; the use case and motivating scenario described in the draft is for a
telephone authority to be the authority for creating CA types of certificates
for (STIR) delegation.  The document assumes full knowledge of a set of drafts
and is straightforward.  I only have a couple of nits but otherwise I think it
is ready.

Section 5.2: the "exp" claim is mute on SHOULD vs MUST, it seems that you would
want to have such a claim so minimally a SHOULD?

Section 5.3: is this optional, may or must?

Section 5.4: personal nit, the section should specify this claim to be a MUST,
it is implicitly stated but would prefer it to be explicit.

Section 6:
 -I presume that "verify the atc field" is actually verifying that the
 TNAuthList token is valid?