Reviewer: Susan Hares Review result: Ready with Issues I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://wiki.ietf.org/en/group/gen/GenArtFAQ>. Document: draft-ietf-acme-ari-07 Reviewer: Susan Hares Review Date: 2024-12-08 IETF LC End Date: 2024-12-06 IESG Telechat date: Not scheduled for a telechat Summary: The document 2 issues and 2 NITs. The two issues are mentioned in the security considerations section. However, these two issues should be reviewed again by Security ADs, or by another security review. I am not a security expert. Major issues: Minor Issues: 1) What happens in the case of a large clock skew between the ACME Client and servers, and 2) Use of unauthenticated GET Requests. Nits/editorial comments: 1. Introduction, Paragraph 1, Use of ";", problem: Unclear sentence. reason: Grammar Old text:/ They may be configured to renew at a specific interval (e.g., via cron); they may parse the issued certificate to determine its expiration date and renew a specific amount of time before then; or they may parse the issued certificate and renew when some percentage of its validity period has passed./ What's wrong: The grammar usage for semi-color is that the phrases separated by the ";" are equal restatements of the same information. A different form of the list would be a clearer statement. 2. Section 6, paragraph 2, 2nd sentence, Unclear sentence Text:/ For example, a server might place the suggested renewal window wholly in the past to encourage a client to renew immediately; but a client with a sufficiently slow clock might see the suggested window as still being in the future./ Option1: New text:/ For example, a server might place the suggested renewal window wholly in the past to encourage a client to renew immediately. However, a client with a sufficiently slow clock might see the suggested window as being in the future./ -- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
