Skip to main content

Last Call Review of draft-ietf-acme-integrations-12

Request Review of draft-ietf-acme-integrations
Requested revision No specific revision (document currently at 13)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2023-01-20
Requested 2023-01-06
Authors Owen Friel , Richard Barnes , Rifaat Shekh-Yusef , Michael Richardson
I-D last updated 2023-01-20
Completed reviews Dnsdir Last Call review of -12 by Ted Lemon (diff)
Artart Last Call review of -12 by John R. Levine (diff)
Secdir Last Call review of -12 by Joseph A. Salowey (diff)
Opsdir Last Call review of -12 by Bo Wu (diff)
Genart Last Call review of -12 by Tim Evens (diff)
Dnsdir Telechat review of -13 by Ted Lemon
Secdir Telechat review of -13 by Joseph A. Salowey
Assignment Reviewer Bo Wu
State Completed
Review review-ietf-acme-integrations-12-opsdir-lc-wu-2023-01-20
Posted at
Reviewed revision 12 (document currently at 13)
Result Has Nits
Completed 2023-01-20

I am the assigned ops reviewer for this draft.

This draft is an Informational draft, which defines the integration of ACME
with EST, Brisk, and TEEP for automatic certificate enrollment for devices.

It would be clearer if the draft title matchs the content,e.g. ACME integration
for device certificate enrollment.


1) In Section 6, s/enrol/enroll
After establishing the outer TLS tunnel, the TEAP server instructs the client
to enrol for a certificate by sending a PKCS#10 TLV in the body of a
Request-Action TLV.

2) In Section 9, s/the the/the
An attacker that has access to them, can provision their own certificates into
the the name space of the entity.