Alexey Melnikov has entered the following ballot position for draft-ietf-acme-star-09: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-acme-star/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thank you for this well-written document. I have one small issue that I would like to discuss before recommending approval of this document:

Sections 6.4 and 6.6 don’t seem to specify the IANA registration procedure for new subregistries.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

1.1. Name Delegation Use Case

   The proposed mechanism can be used as a building block of an efficient name-delegation protocol, for example one that exists between a CDN or a cloud provider and its customers [I-D.ietf-acme-star-delegation]. At any time, the service customer (i.e., the IdO) can terminate the delegation by simply instructing the CA to stop the automatic renewal and letting the currently active certificate expire shortly thereafter. Note that in this case the delegated entity needs to access the auto-renewed certificate without being in possession of the ACME account key that was used for initiating the STAR issuance.

Can you explain the last sentence? I am reading “in this case” as the delegated entity needs access to the renewed certificate once delegation is cancelled, which doesn’t make sense. Please let me know if I misunderstood.