Hi,

Thank you for this work. I found this document informative and both easy to read and understand. I have one question on this document and a few nits listed below.

My main question concerns this sentence in section 3.1: "[I-D.gutmann-scep] is one method which vendors may want to strongly consider." It looks like the IESG comments associated with I-D.gutmann-scep suggest that this is being documented for historical reasons and probably is no longer recommended practice. Hence, I was wondering whether it is appropriate to recommend or even reference it?

Nits:

Some inconsistency on how the device identifier is referred to. Sometimes it is "unique identifier", sometimes "unique device identifier", perhaps try and unify on a single term?

Introduction: I prefer "and/or" to "and / or" that turns up twice.

Section 2.1: "and Acme publishes it on their keyserver" => "and acme publishes the public key on their keyserver"?

Section 3.1: "may will" => "may"?

Section 3.2: "Note that the certificate publication server MUST only accept certificates or keys from the vendor's manufacturing facilities." => This text, or very similar, appears in both section 3.2 and 3.1.

Section 4.3:
"contact" => "contacts"
"It able," => "If able,"
"If this fails" => It could potentially be more clear as to what "it" refers to here, although the diagram below does make it clear.
In diagram "give up go home" => "give up, go home"
"keylenghts" => "key lengths"
"isn't" => "is not"?

Regards,
Rob

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg