[Acme] Remove the hyphen from the acceptable character set for _acme-challenge TXT records.

Mark Tomlin <Mark@mimocad.io> Wed, 25 November 2020 21:19 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/-bpxXma9MI2-lln_SldtTNIxQzk>

Hello everyone,
    I have a bit of a feature request for you all. It's actually to remove
the hyphen from the TXT records to make it easier to copy and paste into a
DNS server record. Here's my scenario. I ran the following command on my
server (Ubuntu 20.04) that, as you can see, has certbot on it and a large
number of domains to cover.

certbot certonly --manual --preferred-challenges=dns --email Mark@MimoCAD.io \
  --server https://acme-v02.api.letsencrypt.org/directory --agree-tos \
  -d mimocad.io -d *.mimocad.io \
  -d stonybrookems.io -d *.stonybrookems.io \
  -d stonybrookems.com -d *.stonybrookems.com \
  -d stonybrookems.net -d *.stonybrookems.net \
  -d stonybrookems.org -d *.stonybrookems.org \
  -d wlvac.com -d *.wlvac.com -d wlvac.net -d *.wlvac.net \
  -d wlvac.org -d *.wlvac.org \
  -d wlvacems.com -d *.wlvacems.com -d wlvacems.net -d *.wlvacems.net \
  -d wlvacems.org -d *.wlvacems.org \
  -d mimosdr.com -d *.mimosdr.com -d mimosdr.net -d *.mimosdr.net \
  -d mimosdr.org -d *.mimosdr.org

While running that command I would get an output like the following...

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.mimocad.io with the following value:

6-K6v7VjtVpGhJk4d6Zx8qxsg6JFUZbGnnr-bDpKpSc

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Normal and expected behavior, yes. My issue is with the hyphen character.
From my client machine (macOS 11.0.1), when I'm copying DNS records with a
double click of the string, it stops at spaces appropriately, but it stops at
hyphens also. In essence, the expected operation of capturing the whole
string inside of the selection via double click does not work. This behavior
is certainly produced in my environment and I would think in others as
well. Try it yourself and see what happens! My request is that we simply
discourage or disallow the use of the hyphen in the _acme-challenge TXT
records, as it offers poor usability for the accurate copy of these long
complex strings from the console output into the DNS server.

Thank you for your time,
Respectfully.

--
Mark Tomlin, CEO.
MimoCAD Inc.
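
An added example, not part of the original message: a pre-deployment check that catches a partially copied dns-01 value before it goes into the zone. It assumes the RFC 8555 section 8.4 definition of the TXT value (unpadded base64url of a SHA-256 digest, so always 43 characters, with "-" and "_" in the alphabet); the function names are hypothetical and the sample is the value quoted in the message.

```python
import base64
import re

# base64url alphabet (RFC 4648 section 5); "-" and "_" are both valid members.
B64URL = re.compile(r"[A-Za-z0-9_-]+")
VALUE_LEN = 43  # 32-byte SHA-256 digest in unpadded base64url

# Value quoted in the message above, used here as sample input.
SAMPLE = "6-K6v7VjtVpGhJk4d6Zx8qxsg6JFUZbGnnr-bDpKpSc"


def check_dns01_value(pasted):
    """Return (ok, reason) for a string about to be stored as the TXT value."""
    value = pasted.strip().strip('"')
    if not B64URL.fullmatch(value):
        return False, "characters outside the base64url alphabet"
    if len(value) != VALUE_LEN:
        return False, f"length {len(value)}, expected {VALUE_LEN}"
    # Python's decoder ignores stray trailing bits, so re-encode and compare
    # to reject a string whose last character was altered.
    raw = base64.urlsafe_b64decode(value + "=")
    if base64.urlsafe_b64encode(raw).rstrip(b"=").decode() != value:
        return False, "non-canonical final character"
    return True, "ok"


def double_click_fragments(value):
    """Pieces a selection that stops at hyphens would pick up, as described above."""
    return value.split("-")


def diagnose(expected, pasted):
    """Compare what was pasted into DNS against what the client printed."""
    pasted = pasted.strip().strip('"')
    if pasted == expected:
        return "match"
    if pasted in double_click_fragments(expected):
        return "hyphen-bounded fragment of the expected value"
    return "mismatch: " + check_dns01_value(pasted)[1]


if __name__ == "__main__":
    print(check_dns01_value(SAMPLE))
    for piece in double_click_fragments(SAMPLE):
        print(repr(piece), "->", diagnose(SAMPLE, piece))
```
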