Last Call Review of draft-ietf-lamps-rfc4210bis-14
review-ietf-lamps-rfc4210bis-14-genart-lc-dunbar-2024-10-28-00

Request
Review of: draft-ietf-lamps-rfc4210bis
Requested revision: No specific revision (document currently at 18)
Type: Last Call Review
Team: General Area Review Team (Gen-ART) (genart)
Deadline: 2024-10-23
Requested: 2024-10-09
Authors: Hendrik Brockhaus, David von Oheimb, Mike Ounsworth, John Gray
I-D last updated: 2024-10-28
Completed reviews:
  Tsvart Last Call review of -14 by Colin Perkins (diff)
  Genart Last Call review of -14 by Linda Dunbar (diff)
  Secdir Last Call review of -14 by Scott G. Kelly (diff)
  Opsdir Last Call review of -14 by Ran Chen (diff)

Assignment
Reviewer: Linda Dunbar
State: Completed
Request: Last Call review on draft-ietf-lamps-rfc4210bis by General Area Review Team (Gen-ART) Assigned
Posted at: https://mailarchive.ietf.org/arch/msg/gen-art/Gauhwcdwk-gXbF1flaWVuyNjf7Q
Reviewed revision: 14 (document currently at 18)
Result: Ready
Completed: 2024-10-28

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://wiki.ietf.org/en/group/gen/GenArtFAQ>.

Document: draft-ietf-lamps-rfc4210bis-14
Reviewer: Linda Dunbar
Review Date: 2024-10-28
IETF LC End Date: 2024-10-23
IESG Telechat date: Not scheduled for a telechat

Summary:
The document provides an extensive update to RFC 4210 with significant details
on X.509 PKI management, message formats, and certificate operations.

Major issues: As I am not an implementer, I can't identify any major issues of
the message formats and operations just from reading them.

Minor issues:

Nits/editorial comments:

Section 4.4 outlines the Root CA Key Update process, including conditions for
maintaining old and new CA key pairs and link certificates. Given the
complexity of this process, additional operational guidance would be beneficial
for real-world scenarios, particularly in scenarios where multiple CA key
updates may overlap. The document could provide examples or recommendations on
updating practices, particularly where different validity periods for
certificates and keys could create unexpected verification issues.

Best Regards,
Linda Dunbar