Thanks Tim for the review, that's really helpful! I'll give the draft a once over with your comments in mind. ------------------------------
Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № 12417574 <https://find-and-update.company-information.service.gov.uk/company/12417574>, LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company registered in Estonia under № 16755226. Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively. On Mon, 12 Aug 2024 at 17:45, Tim Hollebeek <tim.hollebeek= 40digicert....@dmarc.ietf.org> wrote: > Here’s the review I promised during the session. Apologies for the > brevity, but I did want to get some comments out for Q. > > > > In general, I like it. Lots of new and cool stuff in there. I wish I had > more time to learn about it and think about it. > > > > I’m unclear on the motivation for wildcard onions; many of these new > “features” could use a few sentences up front describing the motivation and > use case for adding them. > > > > There’s a bunch of more things I think need to be explained in the > Security Considerations. Re-directs to non-onions is one. I can probably > find more if interested. > > > > I didn’t have time to fully grok the new validation method and determine > if it is secure. > > > > There are a number of places where it would be valuable to make it > explicitly clear what is a requirement and what is not. For example, there > are lots of what appear to be RFC 2119 “mays”, like for example in 3.1.2. I > think it’s clearer to have them ALL CAPS if they are truly intended to be > requirements. > > > > There’s another sneaky requirement in 8.2 (sentence ends in “is required”) > which is easy to miss. IMO “is REQUIRED” is even worse. I’d suggested > restating in terms of active MUSTs. I would recommend looking at all the > RFC 2119 keywords in the document and explicitly deciding if it needs to be > a requirement or not, and if it is, make sure it is extremely clear and > unambiguous. It should always be 100% clear what’s a requirement and what > isn’t, and it should always be 100% clear how to comply. Call that the > Hollebeek Rule. > > > > Some of this may be because I was reading too quickly, but I think > non-experts would benefit from these improvements as well. I think it’s a > great draft, it just assumes a lot of background and may be impenetrable > for non-experts. > > > > -Tim > > > > *From:* Carl Wallace <c...@redhoundsoftware.com> > *Sent:* Monday, August 12, 2024 7:08 AM > *To:* Q Misell <q=40as207960....@dmarc.ietf.org>; IETF ACME <acme@ietf.org > > > *Subject:* [Acme] Re: ACME for Onions > > > > It’s a minor point, but the minutes from 120 state there was a WGLC for > this draft and no responses were received. There was a response and a > subsequent update to the draft with minor edits to address concerns in that > response: > https://mailarchive.ietf.org/arch/msg/acme/lW-R45txi3O9stl3Red5gWa3A4U/. > I’d’ve expected the draft to progress based on that WGLC. > > > > *From: *Q Misell <q=40as207960....@dmarc.ietf.org> > *Date: *Friday, August 9, 2024 at 5:55 AM > *To: *IETF ACME <acme@ietf.org> > *Subject: *[Acme] ACME for Onions > > > > Moin, > > > > For those who weren't at IETF120 the consensus of the room was that > draft-ietf-acme-onion was ready to be sent to the IESG, but we ofc need to > confirm on the mailing list. > > > > So, if those of you who expressed satisfaction with the draft at 120, and > those who weren't present, could please respond indicating as such so we > can move this forward. > > > > Many thanks, > > Q Misell > ------------------------------ > > Any statements contained in this email are personal to the author and are > not necessarily the statements of the company unless specifically stated. > AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, > Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company > registered in Wales under № 12417574 > <https://find-and-update.company-information.service.gov.uk/company/12417574>, > LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 > <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. > EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: > 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru > maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca > Digital, is a company registered in Estonia under № 16755226. Estonian VAT > №: EE102625532. Glauca Digital and the Glauca logo are registered > trademarks in the UK, under № UK00003718474 and № UK00003718468, > respectively. > > _______________________________________________ Acme mailing list -- > acme@ietf.org To unsubscribe send an email to acme-le...@ietf.org >
_______________________________________________ Acme mailing list -- acme@ietf.org To unsubscribe send an email to acme-le...@ietf.org
