Opsdir last call review of draft-ietf-acme-star-06

Reviewer: Mehmet Ersue
Review result: Has Nits

I reviewed the document "Support for Short-Term, Automatically-Renewed (STAR)
Certificates in Automated Certificate Management Environment (ACME)"
(draft-ietf-acme-star-06) as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the operational area directors. 
Document editors and WG chairs should treat these comments just like any other
last call comments.

Intended status: Standards Track
Current IESG state: In Last Call (ends 2019-08-01)
IANA State: IANA - Review Needed

Summary:

The document proposes an ACME extension to enable the issuance of short-term
and automatically renewed (STAR) X.509 certificates. There are no nits in the
document.

As far as I can see the document does not cause any issues related to
operations and management. Though I have two suggestions:

1)
> 4.2.  Impact on Certificate Transparency (CT) Logs
....
>      The input received from most members of the CT community when the
>      issue was raised was that this should not represent a problem for the
>      CT architecture.

This statement is pretty vague for a Standards Track document. I assume the
reader will be asking what "most members" means and why it shouldn't represent a
problem for the CT architecture.

2)
> 7.1.  No revocation
....
>      More discussion of the security of STAR certificates is available in
>      [Topalovic].

AFAIU the external paper referred to does not address security considerations
directly. If you think there are concrete security considerations related to
"No revocation", I would like to suggest listing them here.

Thanks,
Mehmet
