During the IETF 111 session, I agreed to review draft-ietf-acme-integrations.
I have a few comments.
MAJOR:
Sections 3, 4, 5, and 7.2 seem to have a misunderstanding of EST CSR Attrs,
which were recently explained by Dan Harkins on the LAMPS WG mail list:
https://mailarchive.ietf.org/arch/msg/spasm/Rr2H6WNEKeRphQ065sEoQ0rGTac/
Dan says, "The intent of the CSR Attrs request is for the RA to ask the client
to construct the CSR in some particular way."
This portion of all of these sections need to be reconciled with this
understanding of EST CSR Attrs. In fact, BRSKI (RFC 8995) will probably need to
be updated to reconcile the specifications.
EDITORIAL:
Section 1, first para: please add a reference to RFC 5280 after "X.509 (PKIX)
certificate".
Section 1, last para: s/certificate authority/certification authority (CA)/
Section 2: For CMC, please add a reference to RFC 5272, RFC 5273, RFC 5274 and
RFC 6402.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
