Re: [Acme] Concerning alternative formats …

Richard Barnes <rlb@ipv.sx> Mon, 05 March 2018 22:27 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/30LHcSSnwBvW6IkIqI8Ubpp2MJw>

Thomson: Could h2 push replace some of the polling here?

On Mon, Mar 5, 2018 at 4:50 PM, Felipe Gasper <felipe@felipegasper.com>
wrote:

>
> > On Mar 5, 2018, at 1:13 PM, Matthew D. Hardeman <mhardeman@ipifony.com> wrote:
> >
> > Especially with CT logging being a pragmatic requirement,
> > time-to-delivery for certificates is likely to increase (slightly) rather
> > than decrease.
>
> Quick point: the alleviation of polling would go for authz status as well
> as to certificate delivery.
>
> A certificate order that has 10 domains needs to poll for the status of
> all 10 of those domains’ authorizations as well as the certificate
> issuance. “ACME/bidi” would remove all 11 of those needs to poll.
>
> Thanks to those who have given this suggestion their consideration. I
> don’t mean to “gum up the gears” for the main ACME work, but as I’ve been
> writing ACME clients the polling stuff has stuck out to me like a sore
> thumb.
>
> It’s worth noting, too, that concerns about overhead may be alleviated if
> we do get a usable WebSocket-over-HTTP/2 implementation. Or, maybe someone
> will expose an SCTP endpoint, or a raw TCP endpoint that implements a
> simple message-boundary layer. I think the question of pure-message,
> bidirectional transport is more relevant than a specific transport
> implementation.
>
> -F