Hi!

Thanks for the WGLC to confirm the changes made to 
draft-ietf-acme-authority-token-tnauthlist in response to the IESG review.  
I've asked the three ADs holding DISCUSS positions to re-review the document.

I also reviewed the document again and went through the diffs with the chairs 
and Sean Turner (ARTART reviewer) (thank you!) to generate the following list 
of additional edits to make or discussion to have:

(1) Per Paul's ballot held for Francesca
==[ snip ]==
** Section 3.  

FP: the response is missing the Content-Type field
==[ snip ]==

Edit to make:

OLD:

   HTTP/1.1 201 Created
   Replay-Nonce: MYAuvOpaoIiywTezizk5vw
   Location: https://example.com/acme/order/1234

NEW:

   HTTP/1.1 201 Created
   Content-Type: application/json
   Replay-Nonce: MYAuvOpaoIiywTezizk5vw
   Location: https://example.com/acme/order/1234

(2) Per Éric's ballot

==[ snip ]==
-- Section 6 --
In "then the CA MUST set the challenge object "status" to "valid"", isn't it up 
to the ACME server to do this action ?
==[ snip ]==

Edit to make:

s/then the CA MUST/then the ACME server MUST/

(3) Per Lars's ballot

-- Section 5.4: 
OLD
"ca" is an optional key, if it not included the "ca" value is considered false 
by default.
NEW
"ca" is an optional key, if not included the "ca" value is considered false by 
default.

-- Section 9: s/a SPC/an SPC

(4) Per Ben's ballot

==[ snip ]==
(3) I think my discuss point on draft-ietf-acme-authority-token about
how the issuer is identified will also apply (with slight modification)
to this document -- in §5.1 we have text that indicates either "iss" or
"x5u" identifies the issuer, which I do not believe to be accurate.

==[ snip ]==

5.1.  "iss" claim

   The "iss" claim is an optional claim defined in [RFC7519]
   Section 4.1.1.  It can be used as a URL identifying the Token
   Authority that issued the TNAuthList Authority Token beyond the "x5u"
   or other Header claims that identify the location of the certificate
   or certificate chain of the Token Authority used to validate the
   TNAuthList Authority Token.


Why does draft-ietf-acme-authority-token allow for the possibility of "x5c", 
but the text here doesn't mention it?

Thanks,
Roman

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
