Hi! Some comments: tl;dr: Let the experiment begin!
# General I thought this document is well written and easy to follow. # Nits 1) s1: s/certificate authorities/Certification Authorities (CAs) 2) s2: I think maybe you can drop the IANA-SMI reference here: … identified by id-on-bundleEID of [IANA-SMI], consistent with the requirements of Section 4.4.2.1 of [RFC9174]. RFC 9174 includes the OID and the semantics so unless you’re changing that I think this text could be: … identified by id-on-bundleEID, consistent with the requirements of Section 4.4.2.1 of [RFC9174]. 3) s3.3: r/[draft-ietf-cose-hash-algs]/[RFC9054] 4) s5: A better reference for id-kp-bundleSecurity would be [RFC9174], at least I think it is because that’s where id-kp-bundleSecurity is defined. 5) s5.2: I think the last para needs a little tweaking. Just because a client asks for signature only certificate for a DH key shouldn’t mean they get it ;) Maybe something like, “Obviously, the request for signature-only and encryption-only certificates is algorithm dependent” or something like that. 6) Appendix A: I think you need to include text that states this Appendix is a normative part of the specification. Often Appendices are considered informative, but this one includes the definition of the CDDL. Cheers, spt > On Aug 18, 2022, at 06:13, Deb Cooley <[email protected]> wrote: > > A reminder: we need a few more eyes on this draft to move it forward. > > Deb (and Yoav) > > On Thu, Jul 28, 2022 at 8:19 PM Deb Cooley <[email protected]> wrote: > Dear ACME, > > We need to get some eyes on this draft - draft-ietf-acme-dtnnodeid. If you > have time, please take a look and let us know whether you think it is ready > (or make comments). We are hoping to get this draft finished! > > Deb Cooley > > On Tue, May 24, 2022 at 5:29 PM Sipos, Brian J. <[email protected]> > wrote: > All, > > I haven’t seen any reviews of the last draft version -09. I hope that the > closer alignment with RFC 8823 makes its understanding and analysis easier. > > > > From: Acme <[email protected]> On Behalf Of Deb Cooley > Sent: Tuesday, May 24, 2022 7:39 AM > To: IETF ACME <[email protected]>; Brian Sipos <[email protected]> > Cc: Roman Danyliw <[email protected]>; Dorothy E Cooley <[email protected]> > Subject: [EXT] Re: [Acme] I-D Action: draft-ietf-acme-dtnnodeid-09.txt > > > > APL external email warning: Verify sender [email protected] before > clicking links or attachments > > > > Did we ever get reviews on the updated draft? If not, can we get some (or > revive the) volunteers? > > > > Deb Cooley > > > > On Mon, Mar 21, 2022 at 7:12 AM Deb Cooley <[email protected]> wrote: > > It is on the agenda. We will ask for volunteers to review. > > > > Deb > > > > On Sun, Mar 20, 2022 at 5:29 PM Roman Danyliw <[email protected]> wrote: > > Hi! > > > > We’re past IETF LC in terms of document processing and -08 and -09 appear to > have changed protocol behavior. Since there hasn’t been any discussion about > this on the mailing list yet, I’d like to ask the WG to review these changes > (https://www.ietf.org/rfcdiff?url1=draft-ietf-acme-dtnnodeid-07&url2=draft-ietf-acme-dtnnodeid-09). > Please raise any objections by Friday April 1. > > > > Helpfully, this document is on the ACME meeting agenda tomorrow at IETF 113. > > > > Regards, > > Roman > > > > From: Acme <[email protected]> On Behalf Of Brian Sipos > Sent: Wednesday, March 2, 2022 11:27 PM > To: IETF ACME <[email protected]> > Subject: Re: [Acme] I-D Action: draft-ietf-acme-dtnnodeid-09.txt > > > > All, > > I have posted an update to the Node ID Validation document which updates > references to now-published DTN RFCs (yay!) and adds algorithm agility for > the Key Authorization Digest to avoid the validation method being stuck on > SHA-256. It does add a publication dependency on the COSE hash document, but > that is in AUTH48 (though it's been stuck in that state for some time now). > > Comments are welcome and can be discussed at the next IETF. > > Brian S. > > > > On Wed, Mar 2, 2022 at 7:35 PM <[email protected]> wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Automated Certificate Management Environment > WG of the IETF. > > Title : Automated Certificate Management Environment (ACME) > Delay-Tolerant Networking (DTN) Node ID Validation Extension > Author : Brian Sipos > Filename : draft-ietf-acme-dtnnodeid-09.txt > Pages : 31 > Date : 2022-03-02 > > Abstract: > This document specifies an extension to the Automated Certificate > Management Environment (ACME) protocol which allows an ACME server to > validate the Delay-Tolerant Networking (DTN) Node ID for an ACME > client. The DTN Node ID is encoded as a certificate Subject > Alternative Name (SAN) of type otherName with a name form of > BundleEID and as an ACME Identifier type "bundleEID". > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-acme-dtnnodeid/ > > There is also an HTML version available at: > https://www.ietf.org/archive/id/draft-ietf-acme-dtnnodeid-09.html > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-dtnnodeid-09 > > > Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts > > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
