
IETF Last Call Review of draft-ietf-acme-device-attest-01
review-ietf-acme-device-attest-01-opsdir-lc-cocker-2026-02-12-00

Request
Review of: draft-ietf-acme-device-attest
Requested revision: No specific revision (document currently at 02)
Type: IETF Last Call Review
Team: Ops Directorate (opsdir)
Deadline: 2026-02-12
Requested: 2026-01-30
Requested by: Mohamed Boucadair
Authors: Brandon Weeks, Ganesh Mallaya, Sven Rajala, Corey Bonnell
I-D last updated: 2026-04-10 (Latest revision 2026-03-26)
Completed reviews:
- Opsdir IETF Last Call review of -01 by Nabeel Cocker
- Genart IETF Last Call review of -01 by Roni Even

Assignment
Reviewer: Nabeel Cocker
State: Completed
Request: IETF Last Call review on draft-ietf-acme-device-attest by Ops Directorate Assigned
Posted at: https://mailarchive.ietf.org/arch/msg/ops-dir/rQ7ZCaKaANXjGbWbYmqPdfe1FfY
Reviewed revision: 01 (document currently at 02)
Result: Ready
Completed: 2026-02-12
Hi,

I have been selected as the Operational Directorate (opsdir) reviewer for this
Internet-Draft.

The Operational Directorate reviews all operational and management-related
Internet-Drafts to ensure alignment with operational best practices and that
adequate operational considerations are covered.

A complete set of _"Guidelines for Considering Operations and Management in
IETF Specifications"_ can be found at
https://datatracker.ietf.org/doc/draft-ietf-opsawg-rfc5706bis/.

While these comments are primarily for the Operations and Management Area
Directors (Ops ADs), the authors should consider them alongside other feedback
received.

- Document: [draft-ietf-acme-device-attest-01]

- Reviewer: [Nabeel Cocker]

- Review Date: [02-12-2026]

- Intended Status: [Standards Track]

---

## Summary

Choose one:

- Ready: No issues found. This document is ready for publication.

A couple of minor nits:
- One minor nit in the introduction section: "device /and whether"
- Spelling error in paragraph before section 2: explict > explicit

## General Operational Comments Alignment

The document adds variances to the ACME specification such as an addition of
permanent-identifier, addition of the device-attest-01 challenge type, the
challenge response payload contains a serialized WebAuthn attestation statement
format instead of an empty JSON object ({}) and accounts and external account
binding being used as a mechanism to pre-authenticate requests to an enterprise
CA.

From an operational consideration perspective it does not define a New
Protocol, a Protocol Extension, or an architecture but provides guidance on
implementing a new type and challenge for certificate issuance using ACME.

The document also covers the IANA considerations indicating updates to the "ACME
Identifier Types" registry and the "ACME Validation Methods" registry.

---
Thank you to the authors for the effort!

Nabeel