Re: [Acme] AD Review: draft-ietf-acme-star-delegation-04

Roman Danyliw <rdd@cert.org> Tue, 23 February 2021 17:41 UTC

From: Roman Danyliw <rdd@cert.org>
To: "Salz, Rich" <rsalz@akamai.com>, Yaron Sheffer <yaronf.ietf@gmail.com>, IETF ACME <acme@ietf.org>
Thread-Topic: [Acme] AD Review: draft-ietf-acme-star-delegation-04
Date: Tue, 23 Feb 2021 17:41:00 +0000
Message-ID: <00d4f01f0d294cd8b0d9fe3285048cfc@cert.org>
References: <5b94cd8f4c4944838936589cea70bd62@cert.org> <B85D7793-E228-4B95-B8DF-FD46F71F4F1C@intuit.com> <404f7522d37b41ecabb854bee42dc333@cert.org> <866D4B0C-25EC-4E6C-81ED-A765DEBF3484@akamai.com>
In-Reply-To: <866D4B0C-25EC-4E6C-81ED-A765DEBF3484@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/ARQNfRhR74QsJbh2jYWjwGaW5OY>

Hi Rich!

> -----Original Message-----
> From: Salz, Rich <rsalz@akamai.com>
> Sent: Tuesday, February 23, 2021 12:16 PM
> To: Roman Danyliw <rdd@cert.org>; Yaron Sheffer <yaronf.ietf@gmail.com>;
> IETF ACME <acme@ietf.org>
> Subject: Re: [Acme] AD Review: draft-ietf-acme-star-delegation-04
> 
> > I appreciate this approach is additional work and pulls in another
> "technology" that isn't a natural fit in the ACME ecosystem.
> 
> I think using CDDL is a bad idea.  As you point out, it's not a natural fit.  I looked
> at Appendix B of RFC 8610, and while I *think* it would work, I'm not positive.
> 
> None of the other ACME documents have used a schema and seem to be
> acceptable. If the WG authors really think a schema language is needed, I
> betcha they could craft ABNF or even ASN.1  (ISO X.697 if you need to go that
> far). Make Appendix B informative and change the second bullet in 5.6 to be "A
> description of the extension syntax." Beware of over-specifying.

I think there is a lot of flexibility on the modeling language. There just needs to be something formally describing the language. <No Hat>Whatever is done, I hope the existing schema stays in the document as I think it will be helpful to implementors.</No Hat>

> When JSON Schema finally becomes published, re-open ACME (heh:) and put
> out an "updates" document that makes everything like you want it to be.
>
> >Also, there are discussions
> > between the leaders of the JSON Schema effort and people on the
> >HTTP-API  working group, with the goal of standardizing it there.
>
> As a co-chair of that group I'll say that the HTTP-API group does not feel json
> schema belongs there as we have too much work already and JSON isn't just
> about API's. My guess is it will end up in another group. Which will of course
> mean things take even longer.

Thanks for the update.  It seems like there is a need here.  I hope a home can be found.

Roman