Skip to main content

Last Call Review of draft-ietf-acme-integrations-12
review-ietf-acme-integrations-12-secdir-lc-salowey-2023-01-18-00

Request Review of draft-ietf-acme-integrations
Requested revision No specific revision (document currently at 17)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2023-01-20
Requested 2023-01-06
Authors Owen Friel , Richard Barnes , Rifaat Shekh-Yusef , Michael Richardson
I-D last updated 2023-01-18
Completed reviews Dnsdir Last Call review of -14 by Ted Lemon (diff)
Dnsdir Last Call review of -15 by Ted Lemon (diff)
Dnsdir Telechat review of -16 by Ted Lemon (diff)
Dnsdir Last Call review of -12 by Ted Lemon (diff)
Artart Last Call review of -12 by John R. Levine (diff)
Secdir Last Call review of -12 by Joseph A. Salowey (diff)
Opsdir Last Call review of -12 by Bo Wu (diff)
Genart Last Call review of -12 by Tim Evens (diff)
Dnsdir Telechat review of -13 by Ted Lemon (diff)
Secdir Telechat review of -13 by Joseph A. Salowey (diff)
Assignment Reviewer Joseph A. Salowey
State Completed
Request Last Call review on draft-ietf-acme-integrations by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/4OuT7q14Kf5dpPEz9tpVs3vnL7Y
Reviewed revision 12 (document currently at 17)
Result Ready
Completed 2023-01-18
review-ietf-acme-integrations-12-secdir-lc-salowey-2023-01-18-00
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is the document is Ready

The document describes the integration of Acme with various enrollment
protocols.  For the most part it seems straight forward.

I have one question, bot EST and TEAP allow the option for the client to bind
the PKCS#10 message to the TLS tunnel by inserting the TLS unique into the
message challenge password field.  The draft makes no mention of this 
facility, should it?  I we expect that the default expectation would be this
would be included unless there was a reason not to.