A couple of comments:

0) abstract: r/exposed to an attacker/exposed to an unauthorized user
It’s not just attackers, you could unwittingly disclose your key and still need to revoke it.

1) abstract and s1.2:
in abstract: r/short-term and automatically renewed (STAR) certificates/short-term and automatically renewed (STAR) X.509 certificates
in s1.2: r/Short-Term, Automatically Renewed X.509 certificates/Short-Term and Automatically Renewed X.509 certificates

2) s1.1 and s1.2: Identity Owner or Identifier Owner?

3) s1.3: Use the BCP 14 text: The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

4) s2 and s1.2: I think you should drop the term NDC and the paragraph describing the optional protocol. You can easily say in I-D.sheffer-acme-star-request that the model in draft-ietf-acme-star can be extended to also include the NDC. I kept thinking why on earth is NDC here - it’s only mentioned twice (after s5 is removed) and clearly looks like a hook that is not needed in this draft. You already get the reference to I-D.sheffer-acme-star-request from s1.1. I could see dropping that section too, frankly.

5) s2.3: An error is returned in step 2. I didn’t see a “terminated” error in draft-ietf-acme-acme and there’s not one defined here.

6) s3.1.1: Can you use the same way of describing the attributes as in draft-ietf-acme-acme: e.g. recurrent (required, boolean).

6) s3.1.1: should recurrent-start-date "optional" be “OPTIONAL”? It’s stating a 2119-requirement, right?

7) s3.1.1: What is returned if the notBefore and notAfter are included?

8) s3.2: Again, can you use the same way of describing the attributes as draft-ietf-acme-acme.

9) s4.1: It seems like some of this advice is not just about STAR certificates; it seems to be providing advice about *all* server certificates. Does it belong in this draft?
10) s7.2: While I tend to agree that defining the time for "short" is probably futile, don’t you at least have to address some kind of concerns about getting it wrong?

spt

> On Jul 26, 2018, at 10:36, Salz, Rich <[email protected]> wrote:
>
> This message begins a two-week working group last call for
> draft-ietf-acme-star-03. This was supposed to enter WGLC at IETF 101 in
> London, but the chairs dropped the ball.
>
> If anyone is willing to shepherd this document, please also speak up.
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
