Two comments on the third paragraph of section 4.1:

- The addition of section identifiers for the references makes the sentences harder to read. Maybe wrapping the section identifiers and reference in parentheses.
- The preparation of the URI uses the keyIdentifier field of AuthorityKeyIdentifier. That field is optional. What should occur if it is absent (or if AKID is absent)? Given 5280 requires uniqueness for issuer name and serial and the issuer field is not optional, would the issuer field make for a better target than AKID? If this mechanism only applies to certs that conform to a profile that requires presence of key identifier in the AKID extension, state that up front.

On 2/8/24, 4:01 PM, "[email protected] on behalf of [email protected]" wrote:

Internet-Draft draft-ietf-acme-ari-03.txt is now available. It is a work item of the Automated Certificate Management Environment (ACME) WG of the IETF.

Title: Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension
Author: None
Name: draft-ietf-acme-ari-03.txt
Pages: 10
Dates: 2024-02-08

Abstract:

This document specifies how an ACME server may provide suggestions to ACME clients as to when they should attempt to renew their certificates. This allows servers to mitigate load spikes, and ensures clients do not make false assumptions about appropriate certificate renewal periods.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-ari/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-acme-ari-03.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-acme-ari-03

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
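
The absent-keyIdentifier case raised in the reply above, as an added example that is not part of the thread or of the draft: a client-side helper that builds the certificate identifier and fails closed when the AKID extension or its keyIdentifier is missing. It assumes the identifier is base64url(keyIdentifier), a period, then base64url(DER-encoded serial); the function names and the sample bytes are constructed for illustration.

```python
import base64

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos). Definite lengths only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def akid_key_identifier(akid_der):
    """Return keyIdentifier ([0] IMPLICIT OCTET STRING) from an AKID value, or None."""
    tag, body, _ = _tlv(akid_der, 0)
    if tag != 0x30:
        raise ValueError("AuthorityKeyIdentifier must be a SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, value, pos = _tlv(body, pos)
        if tag == 0x80:                     # context tag [0], primitive
            return value
    return None                             # every AKID field is OPTIONAL

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def ari_cert_id(akid_der, serial):
    """Build the identifier (assumed layout); refuse if keyIdentifier is unavailable."""
    key_id = akid_key_identifier(akid_der) if akid_der else None
    if not key_id:
        raise LookupError("no AKID keyIdentifier: cannot build renewal info path")
    # DER INTEGER contents: minimal big-endian, leading 0x00 when the high bit is set
    serial_der = serial.to_bytes(serial.bit_length() // 8 + 1, "big")
    return _b64url(key_id) + "." + _b64url(serial_der)

# Constructed sample inputs (not taken from a real certificate).
KEY_ID = bytes.fromhex("69885b6b87464041e1b37b847ba0ae2cde01c8d4")
AKID_WITH_KEYID = bytes([0x30, 0x16, 0x80, 0x14]) + KEY_ID
AKID_EMPTY = bytes.fromhex("3000")          # syntactically valid AKID with no fields

if __name__ == "__main__":
    print(ari_cert_id(AKID_WITH_KEYID, 0x87654321))
    for missing in (None, AKID_EMPTY):
        try:
            ari_cert_id(missing, 0x87654321)
        except LookupError as exc:
            print("refused:", exc)
```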
