Reviewer: Charlie Kaufman
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes existing deployments of CMP over HTTP, and I found nothing objectionable in it from a security standpoint. I found two issues that others might find objectionable and the authors might consider, so I'll mention them here:

1) It says that "Implementations MUST support HTTP/1.0 [RFC1945] and SHOULD support HTTP/1.1 [RFC9112]." That statement will be out of date someday, and it's not clear what benefit there is to including it.

2) The protocol does not require use of TLS. In fact, the strongest statement it makes is "might want to consider using HTTP over TLS according to [RFC9110] or virtual private networks created, for example, by utilizing Internet Protocol Security according to [RFC4301]." While there is no cryptographically secret information communicated over CMP, someone impersonating a server could impose serious delays and perhaps confusion on clients. Further, the names from certificates being requested might be sensitive in some scenarios. The authors might want to consider stronger language on this subject.

—Charlie
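As an added illustration of the second point (this is example code, not part of the review or of the document under review): a minimal CMP-over-HTTP client transport that enforces the posture the reviewer argues for, i.e. refuses plain HTTP, requires TLS with server certificate and hostname verification, and only accepts CMP media-typed responses. The CA endpoint URL, CA bundle path and PKIMessage bytes are placeholders; the media type application/pkixcmp is the one RFC 6712 assigns to CMP over HTTP and is not quoted in the review itself.

```python
"""Added example: CMP-over-HTTP client transport that refuses to talk to an
unauthenticated server. Not code from the review or the reviewed draft.
Assumptions: endpoint URL, CA bundle and message bytes are placeholders;
application/pkixcmp is the media type RFC 6712 defines for CMP over HTTP."""
import ssl
import urllib.request
from typing import Optional
from urllib.parse import urlparse

CMP_CONTENT_TYPE = "application/pkixcmp"


class InsecureTransport(Exception):
    """Raised when the configured endpoint would be reachable without TLS."""


def require_https(url: str) -> str:
    """Reject any endpoint that is not https:// with an explicit host.

    An impersonated plain-HTTP CA can stall or confuse enrolment clients
    and can observe the subject names being requested; refusing the URL up
    front is simpler than trying to detect that after the fact."""
    parts = urlparse(url)
    if parts.scheme != "https":
        raise InsecureTransport(f"CMP endpoint must use https://, got {url!r}")
    if not parts.hostname:
        raise InsecureTransport(f"CMP endpoint has no host: {url!r}")
    return url


def accepts_url(url: str) -> bool:
    """Boolean wrapper around require_https for policy checks and tests."""
    try:
        require_https(url)
        return True
    except InsecureTransport:
        return False


def tls_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Strict client context: server cert chained to a trusted CA, hostname
    checked, TLS 1.2 or newer. ca_bundle=None uses the system trust store."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    """True only if the context authenticates the server end to end."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def build_cmp_request(url: str, pkimessage_der: bytes) -> urllib.request.Request:
    """HTTP/1.1 POST carrying a DER-encoded PKIMessage, as RFC 6712 describes."""
    require_https(url)
    return urllib.request.Request(
        url,
        data=pkimessage_der,
        method="POST",
        headers={
            "Content-Type": CMP_CONTENT_TYPE,
            "Content-Length": str(len(pkimessage_der)),
        },
    )


def send_cmp(url: str, pkimessage_der: bytes,
             ca_bundle: Optional[str] = None, timeout: float = 30.0) -> bytes:
    """Send one PKIMessage and return the DER-encoded response PKIMessage.

    Raises on non-TLS endpoints, on any certificate/hostname failure, and on
    a response that is not CMP media-typed (a sign of an interposed host)."""
    req = build_cmp_request(url, pkimessage_der)
    with urllib.request.urlopen(req, context=tls_context(ca_bundle),
                                timeout=timeout) as resp:
        ctype = resp.headers.get("Content-Type", "")
        if ctype.split(";")[0].strip().lower() != CMP_CONTENT_TYPE:
            raise ValueError(f"unexpected response media type {ctype!r}")
        return resp.read()


if __name__ == "__main__":
    # Placeholder PKIMessage (an empty DER SEQUENCE); a real client would
    # DER-encode an ir/cr/p10cr PKIMessage here.
    placeholder = b"\x30\x00"
    print(accepts_url("http://ca.example.test/cmp"))    # False: rejected
    print(accepts_url("https://ca.example.test/cmp"))   # True
    # send_cmp("https://ca.example.test/cmp", placeholder, "ca-bundle.pem")
```

The policy decision is made before any bytes leave the host: a deployment that wants the weaker, draft-permitted plain-HTTP behaviour has to remove `require_https` deliberately rather than drift into it through a misconfigured URL.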