Last Call Review of draft-ietf-acme-integrations-12
review-ietf-acme-integrations-12-secdir-lc-salowey-2023-01-18-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is the document is Ready

The document describes the integration of Acme with various enrollment
protocols.  For the most part it seems straight forward.

I have one question, bot EST and TEAP allow the option for the client to bind
the PKCS#10 message to the TLS tunnel by inserting the TLS unique into the
message challenge password field.  The draft makes no mention of this 
facility, should it?  I we expect that the default expectation would be this
would be included unless there was a reason not to.