I think that this document is almost ready. I have a few comments.
MAJOR:
Section 4 points to Section 4.4.2 of [I-D.ietf-dtn-tcpclv4]; but that profile
does not require the certificate to include an EKU of id-kp-bundleSecurity.
When this document is used to verify control over the DTN Node ID, I think the
issued certificate MUST include an EKU of id-kp-bundleSecurity. If other means
are used to validate other identities, then other EKU values might be included
as well.
Section 4.2 is talking about S/MIME certificates. I think there is a
cut-and-paste error here.
MINOR:
Section 3.1 says: "The only over-the-wire data required by ACME for a
Challenge Bundle is a nonce token ...". This is the first time that "nonce"
appears in the document. Please reword.
Section 3.3 and 3.4: in the beginning of the section, please add a pointer to
the document that defines these parameters. I think it is draft-ietf-dtn-bpbis.
Section 6.1: please provide a reference for "BPSEC key material", and please
spell out "BCB".
NITS:
Section 1: please spell out BP on first use.
Section 2: s/wildcard ("*") character/wildcard character ("*")/
Section 6.2: please spell out "BIB".
Russ
> On Mar 31, 2021, at 3:50 PM, Yoav Nir <[email protected]> wrote:
>
> Hi.
>
> This starts a WGLC for the subject draft entitled “Automated Certificate
> Management Environment (ACME) Delay-Tolerant Networking (DTN) Node ID
> Validation Extension”. The call will end at EOD Monday, April 19th, 2001.
>
> The document has been with the WG since last August, and has received too
> little review. ACME participants are encouraged to read and review, so that
> we can make changes if such are needed, and progress the document for
> publication.
>
> Linsk:
> Datatracker: https://datatracker.ietf.org/doc/draft-ietf-acme-dtnnodeid/
> <https://datatracker.ietf.org/doc/draft-ietf-acme-dtnnodeid/>
> Plain text: https://www.ietf.org/archive/id/draft-ietf-acme-dtnnodeid-01.txt
> <https://www.ietf.org/archive/id/draft-ietf-acme-dtnnodeid-01.txt>
> HTML: https://www.ietf.org/archive/id/draft-ietf-acme-dtnnodeid-01.html
> <https://www.ietf.org/archive/id/draft-ietf-acme-dtnnodeid-01.html>
> PDF: https://tools.ietf.org/pdf/draft-ietf-acme-dtnnodeid-01.pdf
> <https://tools.ietf.org/pdf/draft-ietf-acme-dtnnodeid-01.pdf>
>
> Thanks in advance
>
> Yoav
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
