Éric Vyncke has entered the following ballot position for draft-ietf-acme-authority-token-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-acme-authority-token/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for the work put into this document.

Please find below some non-blocking COMMENT points (but replies would be
appreciated even if only for my own education), and some nits.

Special thanks to Rich Salz for the shepherd's write-up about the WG
consensus (and I noted the mix of STIR & ACME).

I hope that this helps to improve the document,

Regards,

-éric

I am trusting Roman and the authors, but I wonder where a replay attack
protection is described ?

Did the STIR/ACME WG consider the use of "ticket" rather than "token" ?

-- Section 1 --
Authors may consider removing the last paragraph as it could be read as
limiting this I-D to the STIR use case (even with the leading "for example").

-- Section 8 --
The first § explicitly requests TLS (what about QUIC BTW) and the last § is
less specific as it only requests "MUST use confidentiality". Is there any
reason for this slight difference ?

== NITS ==

-- Section 4 --
Isn't "JWT token" redundant as the "T" in "JWT" is already "token" ;-)
