Skip to main content

Last Call Review of draft-ietf-lamps-cert-binding-for-multi-auth-05
review-ietf-lamps-cert-binding-for-multi-auth-05-artart-lc-sparks-2024-05-15-00

Request Review of draft-ietf-lamps-cert-binding-for-multi-auth
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team ART Area Review Team (artart)
Deadline 2024-05-16
Requested 2024-05-02
Authors Alison Becker , Rebecca Guthrie , Michael J. Jenkins
I-D last updated 2024-05-15
Completed reviews Artart Last Call review of -05 by Robert Sparks
Secdir Last Call review of -05 by Scott G. Kelly
Assignment Reviewer Robert Sparks
State Completed
Request Last Call review on draft-ietf-lamps-cert-binding-for-multi-auth by ART Area Review Team Assigned
Posted at https://mailarchive.ietf.org/arch/msg/art/MQE0qzwbpavjAW73aAS0n2H8aM8
Reviewed revision 05
Result Ready
Completed 2024-05-15
review-ietf-lamps-cert-binding-for-multi-auth-05-artart-lc-sparks-2024-05-15-00
Summary: Ready for publication as a Proposed Standard RFC

I did not find any artart specific issues to point to in this document.

I did not re-verify the ASN, trusting that the shepherd (who has much sharper
skills there than I) got that right. (The shepherd report is very good - thank
you for that).

Some editorial suggestions:

More detail in the motivation would have been nice.

There is evidence in the security considerations section of earlier concern
expressed with the requirement that a CA processing a CSR MUST fetch a provided
URL. I'll add to that and suggest that framing the set of requirements more
carefully to "If the CA is willing to process the CSR" to leave room for common
sense operational decisions to not appear to conflict with the requirement.

I also found the "ED Note" calling out (I assume) the discussion of _not using_
SCVPCertID instead of this extension, but quoting the structure anyway, pretty
confusing. Please consider if it will stimulate implementor error.