Reviewer: Qin Wu
Review result: Has Nits

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts. Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

The document defines extensions to the Automated Certificate Management
Environment (ACME) to allow for the automatic issuance of certificates to Tor
hidden services.

I have read v-02 of this draft. The draft is well written and I believe it is on
the right track; a few comments and suggestions are below for your reference.

Major issues:
No

Minor Issues:
1. Section 2 said:
"
Version 2 addresses MUST NOT be used as
these are now considered insecure.
"
What are version 2 addresses? Where are version 2 addresses specified?
Do version 2 addresses refer to the 16-character ones? It lacks clarity for readers
who are not familiar with the Tor specification.

2. Section 3 said:
"
The CA/Browser Forum Baseline Requirements [cabf-br] §B.2 define
   methods accepted by the CA industry for validation of ".onion"
   Special-Use Domain Names.
"

What does the symbol "§" represent? Section or Appendix? It is not common
to use this symbol in an Internet-Draft.
The same comment applies to other places using "§".

3. Section 3.1.1 said:
"
   The existing "dns-01" challenge MUST NOT be used to validate ".onion"
   Special-Use Domain Names.
"
Why MUST "dns-01" challenges NOT be used? I see that Section 8.1 and Appendix A
provide some context; would it be good to hook these sections together to
clarify why?

4. Section 3.1.2 said:
"
   The "http-01" challenge is defined as in [RFC8555] §8.3 may be used
   to validate a ".onion" Special-Use Domain Names, with the
   modifications defined in this standard, namely Client authentication
   to hidden services and Certification Authority Authorization (CAA).

"
Which modification defined in this standard is referred to? Is this related to
the additional field "authkey" in the challenge object defined in Section 4?
If the answer is yes, please add a reference to Section 4.
The same comment applies to other places that mention "modification defined in
this standard".

5. Section 6 said:
"
with the following format:

   "caa" SP flags SP tag SP value NL
   [Any number of times]
"
Is this format related to ABNF or another standard format? Where is this format
specified? Can you provide a concrete reference?

Nits:
s/from its service descriptor it/from its service descriptor
There are several lines exceeding 69 characters.

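As an added illustration of the "caa" line format questioned in item 5 (example code written for this review page, not taken from the draft or from any ACME implementation): a parser for those descriptor lines plus a CA-side issuance check. It assumes the fields carry the same meaning as the CAA resource record of RFC 8659 (flags 0-255 with bit 128 critical, alphanumeric tag, free-form value); the descriptor fragment is constructed.

```python
import re
from collections import namedtuple

# Assumption (not stated in the quoted draft text): field semantics follow the
# CAA record of RFC 8659: flags is 0-255 (bit 128 = "critical"), tag is 1-15
# alphanumeric characters, value is the rest of the line, optionally quoted.
CAA_LINE = re.compile(r'^caa (\d{1,3}) ([A-Za-z0-9]{1,15}) (.*)$')
CRITICAL = 128
CaaRecord = namedtuple("CaaRecord", "flags tag value")

# Constructed sample: a descriptor fragment with two caa lines and one other line.
SAMPLE = (
    'hs-descriptor 3\n'
    'caa 0 issue "example-ca.test"\n'
    'caa 0 iodef "mailto:security@example.test"\n'
)

def parse_caa_lines(descriptor_text: str) -> list:
    """Parse every 'caa' line of a descriptor fragment; reject malformed ones."""
    records = []
    for line in descriptor_text.splitlines():
        if not line.startswith("caa "):
            continue  # other descriptor lines are ignored here
        m = CAA_LINE.match(line)
        if m is None:
            raise ValueError(f"malformed caa line: {line!r}")
        flags = int(m.group(1))
        if flags > 255:
            raise ValueError(f"flags out of range: {line!r}")
        value = m.group(3)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        records.append(CaaRecord(flags, m.group(2).lower(), value))
    return records

def issuance_permitted(records, ca_domain: str, wildcard: bool = False) -> bool:
    """CA-side decision per RFC 8659 Section 4: a critical record with an unknown
    tag blocks issuance; 'issuewild' governs wildcards, else 'issue'; none => allowed."""
    if any(r.flags & CRITICAL and r.tag not in ("issue", "issuewild", "iodef")
           for r in records):
        return False
    relevant = [r for r in records if r.tag == "issuewild"] if wildcard else []
    if not relevant:
        relevant = [r for r in records if r.tag == "issue"]
    if not relevant:
        return True
    # Issuer domain precedes any ';' parameters; "issue ;" thus authorises nobody.
    return any(r.value.split(";", 1)[0].strip().lower() == ca_domain.lower()
               for r in relevant)
```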