Hi again Tim,

I've updated the editor's copy (https://as207960.github.io/acme-onion/draft-ietf-acme-onion.html) with your comments and fixed a few edit nits I found along the way. A diff of the two can be viewed here: https://author-tools.ietf.org/diff?doc_1=draft-ietf-acme-onion&url_2=https://AS207960.github.io/acme-onion/draft-ietf-acme-onion.txt&wdiff=1

Interested to hear what else you think needs to go into the security considerations, as reading it back as someone with a far deeper understanding than anyone else is probably causing me to miss something that someone else would think definitely ought to be included.

------------------------------
Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № 12417574 <https://find-and-update.company-information.service.gov.uk/company/12417574>, LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company registered in Estonia under № 16755226. Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively.

On Tue, 13 Aug 2024 at 12:40, Q Misell <q...@as207960.net> wrote:

> Thanks Tim for the review, that's really helpful! I'll give the draft a
> once over with your comments in mind.
>
> On Mon, 12 Aug 2024 at 17:45, Tim Hollebeek <tim.hollebeek=40digicert....@dmarc.ietf.org> wrote:
>
>> Here’s the review I promised during the session. Apologies for the brevity, but I did want to get some comments out for Q.
>>
>> In general, I like it. Lots of new and cool stuff in there. I wish I had more time to learn about it and think about it.
>>
>> I’m unclear on the motivation for wildcard onions; many of these new “features” could use a few sentences up front describing the motivation and use case for adding them.
>>
>> There’s a bunch of more things I think need to be explained in the Security Considerations. Re-directs to non-onions is one. I can probably find more if interested.
>>
>> I didn’t have time to fully grok the new validation method and determine if it is secure.
>>
>> There are a number of places where it would be valuable to make it explicitly clear what is a requirement and what is not. For example, there are lots of what appear to be RFC 2119 “mays”, like for example in 3.1.2. I think it’s clearer to have them ALL CAPS if they are truly intended to be requirements.
>>
>> There’s another sneaky requirement in 8.2 (sentence ends in “is required”) which is easy to miss. IMO “is REQUIRED” is even worse. I’d suggested restating in terms of active MUSTs. I would recommend looking at all the RFC 2119 keywords in the document and explicitly deciding if it needs to be a requirement or not, and if it is, make sure it is extremely clear and unambiguous. It should always be 100% clear what’s a requirement and what isn’t, and it should always be 100% clear how to comply. Call that the Hollebeek Rule.
>>
>> Some of this may be because I was reading too quickly, but I think non-experts would benefit from these improvements as well. I think it’s a great draft, it just assumes a lot of background and may be impenetrable for non-experts.
>>
>> -Tim
>>
>> *From:* Carl Wallace <c...@redhoundsoftware.com>
>> *Sent:* Monday, August 12, 2024 7:08 AM
>> *To:* Q Misell <q=40as207960....@dmarc.ietf.org>; IETF ACME <acme@ietf.org>
>> *Subject:* [Acme] Re: ACME for Onions
>>
>> It’s a minor point, but the minutes from 120 state there was a WGLC for this draft and no responses were received. There was a response and a subsequent update to the draft with minor edits to address concerns in that response: https://mailarchive.ietf.org/arch/msg/acme/lW-R45txi3O9stl3Red5gWa3A4U/. I’d’ve expected the draft to progress based on that WGLC.
>>
>> *From:* Q Misell <q=40as207960....@dmarc.ietf.org>
>> *Date:* Friday, August 9, 2024 at 5:55 AM
>> *To:* IETF ACME <acme@ietf.org>
>> *Subject:* [Acme] ACME for Onions
>>
>> Moin,
>>
>> For those who weren't at IETF120 the consensus of the room was that draft-ietf-acme-onion was ready to be sent to the IESG, but we ofc need to confirm on the mailing list.
>>
>> So, if those of you who expressed satisfaction with the draft at 120, and those who weren't present, could please respond indicating as such so we can move this forward.
>>
>> Many thanks,
>>
>> Q Misell

_______________________________________________ Acme mailing list -- acme@ietf.org To unsubscribe send an email to acme-le...@ietf.org