Did you intend to remove the changes to 3.1.2 and 3.1.3 that identify the 
modifications? This text was added to address a comment during the last WGLC.

 

From: Q Misell <q...@as207960.net>
Date: Tuesday, August 13, 2024 at 8:59 AM
To: Tim Hollebeek <tim.hollebeek=40digicert....@dmarc.ietf.org>
Cc: Carl Wallace <c...@redhoundsoftware.com>, IETF ACME <acme@ietf.org>
Subject: Re: [Acme] Re: ACME for Onions

 

Hi again Tim,

 

I've updated the editor's copy 
(https://as207960.github.io/acme-onion/draft-ietf-acme-onion.html) with your 
comments and fixed a few edit nits I found along the way.

A diff of the two can be viewed here: 
https://author-tools.ietf.org/diff?doc_1=draft-ietf-acme-onion&url_2=https://AS207960.github.io/acme-onion/draft-ietf-acme-onion.txt&wdiff=1

Interested to hear what else you think needs to go into the security 
considerations as reading it back as someone with a far deeper understanding 
than anyone else is probably causing me to miss something that someone else 
would think definitely ought to be included.

Any statements contained in this email are personal to the author and are not 
necessarily the statements of the company unless specifically stated. AS207960 
Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, 
Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales 
under № 12417574, LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876. UK VAT №: 
GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT 
№: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru 
maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, 
is a company registered in Estonia under № 16755226. Estonian VAT №: 
EE102625532. Glauca Digital and the Glauca logo are registered trademarks in 
the UK, under № UK00003718474 and № UK00003718468, respectively. 

 

 

On Tue, 13 Aug 2024 at 12:40, Q Misell <q...@as207960.net> wrote:

Thanks Tim for the review, that's really helpful! I'll give the draft a once 
over with your comments in mind.


 

 

On Mon, 12 Aug 2024 at 17:45, Tim Hollebeek 
<tim.hollebeek=40digicert....@dmarc.ietf.org> wrote:

Here’s the review I promised during the session. Apologies for the brevity, but 
I did want to get some comments out for Q.

 

In general, I like it. Lots of new and cool stuff in there. I wish I had more 
time to learn about it and think about it.

 

I’m unclear on the motivation for wildcard onions; many of these new “features” 
could use a few sentences up front describing the motivation and use case for 
adding them.

 

There’s a bunch more things I think need to be explained in the Security 
Considerations. Re-directs to non-onions is one. I can probably find more if 
interested.

 

I didn’t have time to fully grok the new validation method and determine if it 
is secure.

 

There are a number of places where it would be valuable to make it explicitly 
clear what is a requirement and what is not. For example, there are lots of 
what appear to be RFC 2119 “mays”, like for example in 3.1.2. I think it’s 
clearer to have them ALL CAPS if they are truly intended to be requirements.

 

There’s another sneaky requirement in 8.2 (sentence ends in “is required”) 
which is easy to miss. IMO “is REQUIRED” is even worse. I’d suggested restating 
in terms of active MUSTs. I would recommend looking at all the RFC 2119 
keywords in the document and explicitly deciding if it needs to be a 
requirement or not, and if it is, make sure it is extremely clear and 
unambiguous. It should always be 100% clear what’s a requirement and what 
isn’t, and it should always be 100% clear how to comply. Call that the 
Hollebeek Rule.

 

Some of this may be because I was reading too quickly, but I think non-experts 
would benefit from these improvements as well. I think it’s a great draft, it 
just assumes a lot of background and may be impenetrable for non-experts.

 

-Tim

 

From: Carl Wallace <c...@redhoundsoftware.com> 
Sent: Monday, August 12, 2024 7:08 AM
To: Q Misell <q=40as207960....@dmarc.ietf.org>; IETF ACME <acme@ietf.org>
Subject: [Acme] Re: ACME for Onions

 

It’s a minor point, but the minutes from 120 state there was a WGLC for this 
draft and no responses were received. There was a response and a subsequent 
update to the draft with minor edits to address concerns in that response: 
https://mailarchive.ietf.org/arch/msg/acme/lW-R45txi3O9stl3Red5gWa3A4U/. I’d’ve 
expected the draft to progress based on that WGLC.

 

From: Q Misell <q=40as207960....@dmarc.ietf.org>
Date: Friday, August 9, 2024 at 5:55 AM
To: IETF ACME <acme@ietf.org>
Subject: [Acme] ACME for Onions

 

Moin,

 

For those who weren't at IETF120 the consensus of the room was that 
draft-ietf-acme-onion was ready to be sent to the IESG, but we ofc need to 
confirm on the mailing list. 

 

So, if those of you who expressed satisfaction with the draft at 120, and those 
who weren't present, could please respond indicating as such so we can move 
this forward.

 

Many thanks,

Q Misell


_______________________________________________ Acme mailing list -- 
acme@ietf.org To unsubscribe send an email to acme-le...@ietf.org 
