Document: draft-ietf-acme-device-attest Title: Automated Certificate Management Environment (ACME) Device Attestation Extension Reviewer: Nabeel Cocker Review result: Ready
Hi, I have been selected as the Operational Directorate (opsdir) reviewer for this Internet-Draft. The Operational Directorate reviews all operational and management-related Internet-Drafts to ensure alignment with operational best practices and that adequate operational considerations are covered. A complete set of _"Guidelines for Considering Operations and Management in IETF Specifications"_ can be found at https://datatracker.ietf.org/doc/draft-ietf-opsawg-rfc5706bis/. While these comments are primarily for the Operations and Management Area Directors (Ops ADs), the authors should consider them alongside other feedback received. - Document: [draft-ietf-acme-device-attest-01] - Reviewer: [Nabeel Cocker] - Review Date: [02-12-2026] - Intended Status: [Standards Track] --- ## Summary Choose one: - Ready: No issues found. This document is ready for publication. A couple of minor nits: - One minor nit in the introduction section: "device /and whether" - Spelling error in paragraph before section 2: explict > explicit ## General Operational Comments Alignment The document adds variances to the ACME specification such as a addition of permanent-identifier, addition of the device-attest-01 challenge type, the challenge response payload contains a serialized WebAuthn attestation statement format instead of an empty JSON object ({}) and accounts and external account binding being used as a mechanism to pre-authenticate requests to an enterprise CA. >From an operational consideration perspective it does not define a New Protocol, a Protocol Extension, or an architecture but provides guidance on implementing a new type and challenge for certificate issuance using ACME. The document also cover the IANA considerations indicating updates to the "ACME Identifier Types" registry and the "ACME Validation Methods" registry. --- Thank you to the authors for the effort! Nabeel _______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
