Here’s the review I promised during the session. Apologies for the brevity, but I did want to get some comments out for Q.
In general, I like it. Lots of new and cool stuff in there. I wish I had more time to learn about it and think about it.

I’m unclear on the motivation for wildcard onions; many of these new “features” could use a few sentences up front describing the motivation and use case for adding them.

There’s a bunch of more things I think need to be explained in the Security Considerations. Re-directs to non-onions is one. I can probably find more if interested. I didn’t have time to fully grok the new validation method and determine if it is secure.

There are a number of places where it would be valuable to make it explicitly clear what is a requirement and what is not. For example, there are lots of what appear to be RFC 2119 “mays”, like for example in 3.1.2. I think it’s clearer to have them ALL CAPS if they are truly intended to be requirements. There’s another sneaky requirement in 8.2 (sentence ends in “is required”) which is easy to miss. IMO “is REQUIRED” is even worse. I’d suggested restating in terms of active MUSTs. I would recommend looking at all the RFC 2119 keywords in the document and explicitly deciding if it needs to be a requirement or not, and if it is, make sure it is extremely clear and unambiguous. It should always be 100% clear what’s a requirement and what isn’t, and it should always be 100% clear how to comply. Call that the Hollebeek Rule.

Some of this may be because I was reading too quickly, but I think non-experts would benefit from these improvements as well. I think it’s a great draft, it just assumes a lot of background and may be impenetrable for non-experts.

-Tim

From: Carl Wallace <c...@redhoundsoftware.com>
Sent: Monday, August 12, 2024 7:08 AM
To: Q Misell <q=40as207960....@dmarc.ietf.org>; IETF ACME <acme@ietf.org>
Subject: [Acme] Re: ACME for Onions

It’s a minor point, but the minutes from 120 state there was a WGLC for this draft and no responses were received.
There was a response and a subsequent update to the draft with minor edits to address concerns in that response: https://mailarchive.ietf.org/arch/msg/acme/lW-R45txi3O9stl3Red5gWa3A4U/. I’d’ve expected the draft to progress based on that WGLC.

From: Q Misell <q=40as207960....@dmarc.ietf.org>
Date: Friday, August 9, 2024 at 5:55 AM
To: IETF ACME <acme@ietf.org>
Subject: [Acme] ACME for Onions

Moin,

For those who weren't at IETF120 the consensus of the room was that draft-ietf-acme-onion was ready to be sent to the IESG, but we ofc need to confirm on the mailing list.

So, if those of you who expressed satisfaction with the draft at 120, and those who weren't present, could please respond indicating as such so we can move this forward.

Many thanks,
Q Misell

_____

Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № 12417574, LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company registered in Estonia under № 16755226. Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively.
_______________________________________________
Acme mailing list -- acme@ietf.org
To unsubscribe send an email to acme-le...@ietf.org