Re: [Acme] IETF 107; agenda

"Owen Friel (ofriel)" <ofriel@cisco.com> Tue, 10 March 2020 07:36 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
CC: Alexey Melnikov <alexey.melnikov@isode.com>, "acme@ietf.org" <acme@ietf.org>, Mary Barnes <mary.ietf.barnes@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/3WkdzTiBORSr3PKYMjt_9gsCmls>


-----Original Message-----
From: Acme <acme-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: 10 March 2020 05:47
To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
Cc: Alexey Melnikov <alexey.melnikov@isode.com>; acme@ietf.org; Mary Barnes <mary.ietf.barnes@gmail.com>
Subject: Re: [Acme] IETF 107; agenda

    > draft-ietf-acme-integrations-00, ACME Integrations
    > Michael Richardson can present.

I was given some slides (wasn't I, Owen? Or did you just say that you'd send some), and the major item was to clarify the changes that were made based on comments. I think that there isn't much to say. I have running code that integrates ACME with a BRSKI Registrar.

[ofriel] you *will be* given some slides :)


    > draft-friel-acme-subdomains-02
    > Michael Richardson can present; this is a topic for WG adoption

At first, I think that we thought that this work required no standard action, because it was within the server's policy to do this or not.
However, the client may not know the server's policy, and so section 5 adds the basedomain and implicitSubdomainAuthorization boolean.  If it comes back false (or missing), then the client knows it has to perform authorizations for every request (which is what my code above does).

I think that the WG previously expressed interest in adopting it, pending some changes, and those changes are made.  It may not need actual WG time, except that having it on a schedule sometimes gets a document read :-)

[ofriel] Similarly, you *will be* given some slides :)