Re: [Acme] WG last call for draft-ietf-acme-email-smime-06

Alexey Melnikov <alexey.melnikov@isode.com> Wed, 01 April 2020 09:40 UTC

To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: "acme@ietf.org" <acme@ietf.org>
References: <3703708B-4454-4AC9-87AF-961C73B1F331@akamai.com> <CAHbrMsDco31pxyBMBSdbgh5aMnttyC1G_tDTg1tz-aAzto=5dw@mail.gmail.com>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <fee01750-7afb-02a7-50ee-30453805abec@isode.com>
Date: Wed, 01 Apr 2020 10:39:53 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
In-Reply-To: <CAHbrMsDco31pxyBMBSdbgh5aMnttyC1G_tDTg1tz-aAzto=5dw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------81A5C7FCBFAECE957D38E8A3"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/A4GXqMKuRS00QRFfUYQavAG6msY>
Subject: Re: [Acme] WG last call for draft-ietf-acme-email-smime-06

Hi Ben,

My apologies for missing your email in March:

On 12/03/2020 20:42, Ben Schwartz wrote:
> Section 3 says token-part1 "contains at least 64 bit of entropy", but 
> Section 3.1 says token-part1 "MUST be at least 64 octet long after 
> decoding".  Is this difference deliberate?

No, I obviously made a typo when saying octets. I will fix.

> Also 64 octets of entropy is a _lot_.  RFC 8555 says "the token is 
> required to contain at least 128 bits of entropy".
>
> The draft seems to be oriented entirely toward use with e-mail clients 
> that have a built-in ACME-S/MIME client.  I'm a bit disappointed that 
> the draft doesn't accommodate users with "naive" email clients very 
> well, e.g. by allowing customized subject lines.

Actually, I was trying to accommodate naive email clients, but it was a 
fine balance trying to specify minimal requirements.

Can you suggest some specific text to change and then we can discuss 
whether or not it should be done? My thinking about the Subject header 
field was that I wanted to have a unique subject (so that ACME email 
messages are easily findable). I also wanted to allow the token in the 
subject for APIs that can easily access Subject and not other header fields.

Best Regards,

Alexey

> I assume this is deliberate, perhaps because of a desire to use 
> short-TTL S/MIME certificates that would be impractical to provision 
> manually, but the draft doesn't mention a rationale.
>
> On Thu, Mar 12, 2020 at 2:52 PM Salz, Rich 
> <rsalz=40akamai.com@dmarc.ietf.org> wrote:
>
>     This mail begins a one-week working group last call on
>     https://datatracker.ietf.org/doc/draft-ietf-acme-email-smime/?include_text=1
>
>     If you have comments or issues, please post here.
>
>     If anyone wants to be a document shepherd, please contact the chairs.
>
>     /r$
>
>     _______________________________________________
>     Acme mailing list
>     Acme@ietf.org
>     https://www.ietf.org/mailman/listinfo/acme
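Added example, not code from the draft, from the thread or from either author: a small Python token generator and length checker that makes the bit/octet distinction discussed above concrete. The 128-bit minimum and the unpadded-base64url rule are the RFC 8555 section 8.3 requirements Ben quotes; the function names and the unit-selecting checker are this example's own choices.

```python
import base64
import secrets

# RFC 8555 section 8.3: an ACME challenge token MUST carry at least 128 bits
# of entropy, use only the base64url alphabet, and carry no '=' padding.
RFC8555_MIN_TOKEN_BITS = 128

BASE64URL_ALPHABET = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
)


def make_token_part(entropy_bits=RFC8555_MIN_TOKEN_BITS):
    """Generate a token part as unpadded base64url over CSPRNG bytes.

    entropy_bits is rounded up to whole octets, so the decoded value
    carries at least the requested amount of randomness.
    """
    nbytes = (entropy_bits + 7) // 8
    raw = secrets.token_bytes(nbytes)  # os.urandom-backed CSPRNG
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_token_part(token):
    """Decode an unpadded base64url token part, rejecting padding or any
    character outside the base64url alphabet (as RFC 8555 requires)."""
    if not token or any(c not in BASE64URL_ALPHABET for c in token):
        raise ValueError("token is not unpadded base64url")
    if len(token) % 4 == 1:
        raise ValueError("a base64url length of 1 mod 4 is never valid")
    padded = token + "=" * (-len(token) % 4)
    return base64.urlsafe_b64decode(padded)


def decoded_length_ok(token, minimum, unit):
    """Check the decoded token length against a minimum given in 'bits'
    or 'octets'. Malformed tokens fail the check instead of raising, so a
    verifier can treat them like any other bad token."""
    try:
        raw = decode_token_part(token)
    except ValueError:
        return False
    if unit == "bits":
        return len(raw) * 8 >= minimum
    if unit == "octets":
        return len(raw) >= minimum
    raise ValueError("unit must be 'bits' or 'octets'")


def meets_rfc8555_minimum(token):
    """True when the decoded token carries at least 128 bits."""
    return decoded_length_ok(token, RFC8555_MIN_TOKEN_BITS, "bits")


if __name__ == "__main__":
    t = make_token_part()
    # A 128-bit token satisfies "64 bits" (and RFC 8555's 128 bits) but
    # fails a checker that reads the draft's text as "64 octets".
    print(t, decoded_length_ok(t, 64, "bits"), decoded_length_ok(t, 64, "octets"))
```

Reading the Section 3.1 text literally as "64 octets" would reject every token an RFC 8555-conformant generator produces, which is why the typo matters to implementers on both sides of the challenge.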