Hey Roman, Sorry for the lag on this, I’ve been occupied by non-IETF work recently.
I’ve done a pass based on your comments. I’m slightly confused about what you mean by including the clarify suggested in the previous AD review thread with regard to section 6 though. I believe the update in the -05 rev to section 6 clarified this ambiguity around the reverse mapping and SNI, do you think it still needs further work? I’ve pushed a branch with all of the suggested changes here: https://github.com/rolandshoemaker/acme-ip-validation/compare/ad-review-feedback-a If you no one has any objections to these updates I’ll submit a -06 rev with them. > On Apr 16, 2019, at 10:42 AM, Roman Danyliw <[email protected]> wrote: > > Hi! > > I'm pickup up where ekr left off on draft-ietf-acme-ip. I see that -05 > addressed some of the feedback from: > > https://mailarchive.ietf.org/arch/msg/acme/bGQtdDZ8i75t3dCt3EjPHxsGoG4 > > I have a few other items: > > (1) A bit of clean-up is needed in the references: > ** [FIPS180-4] [RFC4291] [RFC4648] appear in the references but are not > cited in the text > ** [I-D.ietf-acme-acme] is now RFC8555 > > (2) Missing security considerations. It appears that in pruning the text > from -04 to -05, this required section was dropped. Among other things, > please include the clarity suggested here: > > https://mailarchive.ietf.org/arch/msg/acme/j8peTskrxupK0AyJyJomS99iOqw > > (3) Section 8.1 -- I recommend clearer language in the IANA considerations > 8.1 by fully spelling out the registry names and ensure the registry column > names align with this text: > > OLD: Adds a new type to the Identifier list defined in Section 9.7.7 of > [I-D.ietf-acme-acme] with the label "ip" and reference I-D.ietf-acme-ip. > NEW: Adds a new type to the "ACME Identifier Types" registry defined in > Section 9.7.7 of [RFC8555] with a Label "ip" and Reference to this draft. > > (4) Section 8.2 - I think the intent of this IANA action is to have "ip" be > an Identifier Type for the Labels "http-01" and "tls-alpn-01" in "ACME > Validation Methods" registry. This text isn't clear to me on execution - is > text proposing (option #1) to modifying the existing entry in the registry > (my read of the text, but two identifier types doesn't seem to be supported > in the RFC8555 text), or (option #2) add another registry entry? Is it: > > (option #1) http-01, dns and ip > > OR > > (option #2) http-01, dns > http-01, ip > > Regards, > Roman > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
