Re: [Acme] Conflicting requirements for retrieving an ACME account that is already bound to an external account

John Gardiner Myers <jgmyers@proofpoint.com> Wed, 18 November 2020 23:30 UTC

From: John Gardiner Myers <jgmyers@proofpoint.com>
To: acme@ietf.org
Message-ID: <538f19d2-b002-5fc3-f4a0-8b5a7da8a7b5@proofpoint.com>
Date: Wed, 18 Nov 2020 15:30:20 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/8hyWXFIs_x4e_rTK7KyV1hyMNnw>
Subject: Re: [Acme] Conflicting requirements for retrieving an ACME account that is already bound to an external account

> Clients already have to store one piece of state (the account
> key), and asking them to store a second piece of state (the account URL) is
> not onerous.

I would disagree: there is a key difference between the two pieces of 
state, especially to systems using a declarative desired state and a 
reconciliation agent. The account key is determined by the client and 
thus can be made part of the declared desired state, whereas the account 
URL needs to be obtained from the server and thus can't be known until 
reconciliation has started.

With the inability to recover the account URL, it would be necessary to 
either have separate procedures for initial setup and restoration 
(backing up and restoring the account URL, respectively) or to reset or 
reprovision the external account (which is inconvenient after an event 
causing the loss of reconciliation state).
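The distinction drawn above (the account key as declared state, the account URL as state that only exists once the server has answered) can be made concrete with a small reconciliation loop. The following is an added example, not code from this thread or from any ACME implementation: it keeps only the account key in the declared state, recovers the account URL at reconciliation time with a newAccount request carrying `onlyReturnExisting: true` (RFC 8555, section 7.3.1, where an existing key gets a 200 with the account URL in `Location`), and then shows the failure case the message describes, a server that will not answer that lookup without an external account binding, so the URL cannot be recovered after state loss. The in-process `MockAcmeServer`, its `reject_lookup_without_eab` switch, the `kid-001` binding (a plain string standing in for the EAB JWS), the `acme.example` URLs and the `Reconciler` class are all constructed for this example; the sample key is the EC public key from RFC 7517 and the thumbprint follows RFC 7638.

```python
"""Added example (not from the thread): a reconciler whose declared state holds
only the ACME account key, recovering the server-assigned account URL, and the
case where the server refuses the lookup. MockAcmeServer, its
reject_lookup_without_eab switch, the "kid-001" binding and the account URLs
are constructed for this example."""
import base64
import hashlib
import json

ACCOUNT_DOES_NOT_EXIST = "urn:ietf:params:acme:error:accountDoesNotExist"
EXTERNAL_ACCOUNT_REQUIRED = "urn:ietf:params:acme:error:externalAccountRequired"

# Public EC key from RFC 7517 Appendix A.1; only the public part matters for lookup.
SAMPLE_ACCOUNT_KEY = {
    "kty": "EC", "crv": "P-256",
    "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
    "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: required members only, lexicographic order, no whitespace, SHA-256."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
    canonical = json.dumps({k: jwk[k] for k in required[jwk["kty"]]},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


class MockAcmeServer:
    """Minimal newAccount endpoint (constructed), keyed by account-key thumbprint."""

    def __init__(self, reject_lookup_without_eab=False):
        # Assumption for the failure case: a server that applies its
        # "EAB on every newAccount request" rule to onlyReturnExisting lookups too.
        self.reject_lookup_without_eab = reject_lookup_without_eab
        self.accounts = {}  # thumbprint -> account URL
        self.valid_eab_kids = {"kid-001"}

    def new_account(self, jwk: dict, payload: dict):
        """Return (status, location, error_type), mirroring an HTTP response."""
        has_eab = "externalAccountBinding" in payload
        if self.reject_lookup_without_eab and not has_eab:
            return 400, None, EXTERNAL_ACCOUNT_REQUIRED
        tp = jwk_thumbprint(jwk)
        if tp in self.accounts:  # RFC 8555 7.3: existing key -> 200 + Location
            return 200, self.accounts[tp], None
        if payload.get("onlyReturnExisting"):  # 7.3.1: never create on a lookup
            return 400, None, ACCOUNT_DOES_NOT_EXIST
        if not has_eab or payload["externalAccountBinding"] not in self.valid_eab_kids:
            return 400, None, EXTERNAL_ACCOUNT_REQUIRED
        url = f"https://acme.example/acct/{len(self.accounts) + 1}"
        self.accounts[tp] = url
        return 201, url, None


class Reconciler:
    """Declared state carries the account key only; the URL is observed state."""

    def __init__(self, desired: dict, server: MockAcmeServer):
        self.desired = desired
        self.server = server
        self.observed = {}  # lost whenever reconciliation state is lost

    def reconcile(self, eab_kid=None) -> str:
        if "account_url" in self.observed:
            return self.observed["account_url"]
        key = self.desired["account_key"]
        # Lookup first: the key is all the declared state knows.
        status, url, err = self.server.new_account(key, {"onlyReturnExisting": True})
        if status != 200 and eab_kid:
            # Initial setup path: create the account bound to the external account.
            status, url, err = self.server.new_account(
                key, {"externalAccountBinding": eab_kid})
        if status not in (200, 201):
            raise RuntimeError(f"cannot obtain account URL: {err}")
        self.observed["account_url"] = url
        return url


def run_scenario(reject_lookup_without_eab: bool):
    """Initial setup, then recovery after total loss of reconciliation state.
    Returns (url_after_setup, url_after_recovery_or_None, error_or_None)."""
    server = MockAcmeServer(reject_lookup_without_eab)
    desired = {"account_key": SAMPLE_ACCOUNT_KEY}
    first = Reconciler(desired, server).reconcile(eab_kid="kid-001")
    fresh = Reconciler(desired, server)  # same declared state, no observed state
    try:
        return first, fresh.reconcile(), None
    except RuntimeError as exc:
        return first, None, str(exc)


if __name__ == "__main__":
    print(run_scenario(False))  # URL recovered from the key alone
    print(run_scenario(True))   # recovery fails; only a stored URL or reprovisioning helps
```

With a server that honours the lookup, the second reconciler recovers `https://acme.example/acct/1` from nothing but the declared key. With the rejecting server the same reconciler gets `externalAccountRequired` back and has no path to the URL, which is exactly the situation in which a separate backup-and-restore procedure for the URL, or reprovisioning of the external account, becomes necessary.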