Re: [Acme] [Technical Errata Reported] RFC8555 (5771)
Rob Stradling <rob@sectigo.com> Wed, 03 July 2019 13:43 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/AyWmy9bPKSfKmHo4lHyWTEJ0vQQ>
On 03/07/2019 13:14, Salz, Rich wrote:
>> I don't think so. IINM, HTTP caching only comes into play when a client
> sends a subsequent HTTP request message that may (or may not) be
> satisfied by a cached HTTP response message.
>
> A client that follows caching shouldn't send a new request if the cache-control headers on the first response direct it not to, right?

Right, but the prerequisite is that the client explicitly wants to obtain a fresh (or at least unexpired) HTTP response message. If that's not the case, then HTTP caching doesn't come into play, because HTTP itself doesn't come into play.

ISTM that once an ACME client has extracted a directory object from an HTTP response message, then both HTTP and HTTP caching are no longer in play. The client is now only dealing with a directory object, not an HTTP response message.

(From Jacob's message, I get the impression that this is the prevailing understanding).

>
> Clients could also use If-Modified-Since, right?
>
> Good point.
>
> Then maybe the errata could just be
> Clients SHOULD use an If-Modified-Since header to get more effective caching.

I think that's a useful optimization suggestion, but I don't think it addresses the issue.

The idea behind the erratum is to force HTTP caching rules to apply to directory objects, so that servers can update their directory objects and expect clients to take note.

--
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited
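The behaviour debated in this message, as an added example that is not part of the original e-mail or of any ACME implementation: a client-side holder that keeps the HTTP freshness metadata attached to the directory object, serves it without a request while fresh, and revalidates with If-Modified-Since once it expires. `DirectoryCache`, `max_age`, `simulate`, the `ca.example` URLs and the in-process server are all hypothetical and constructed for illustration.

```python
import re

def max_age(headers):
    """Freshness lifetime in seconds from Cache-Control; 0 means revalidate."""
    cc = headers.get("Cache-Control", "")
    if re.search(r"\bno-(cache|store)\b", cc):
        return 0
    m = re.search(r"\bmax-age=(\d+)", cc)
    return int(m.group(1)) if m else 0

class DirectoryCache:
    """Hypothetical holder that keeps HTTP freshness metadata attached to
    the directory object instead of discarding it after parsing."""
    def __init__(self, fetch, clock):
        self.fetch, self.clock = fetch, clock  # fetch(req_headers) -> (status, headers, body)
        self.directory, self.last_modified, self.fresh_until = None, None, 0

    def get(self):
        now = self.clock()
        if self.directory is not None and now < self.fresh_until:
            return self.directory              # fresh: no HTTP request at all
        req = {}
        if self.directory is not None and self.last_modified:
            req["If-Modified-Since"] = self.last_modified  # conditional revalidation
        status, headers, body = self.fetch(req)
        if status == 200:
            self.directory, self.last_modified = body, headers.get("Last-Modified")
        elif status != 304 or self.directory is None:
            raise RuntimeError(f"unexpected directory response: {status}")
        self.fresh_until = now + max_age(headers)
        return self.directory

def simulate():
    """Constructed offline server: two directory versions, max-age=3600."""
    dates = {1: "Wed, 03 Jul 2019 12:00:00 GMT", 2: "Wed, 03 Jul 2019 15:00:00 GMT"}
    state = {"now": 0, "version": 1}
    sent, seen = [], []
    def fetch(req):
        sent.append(req)
        hdrs = {"Cache-Control": "max-age=3600", "Last-Modified": dates[state["version"]]}
        if req.get("If-Modified-Since") == dates[state["version"]]:  # simplified exact match
            return 304, hdrs, None
        return 200, hdrs, {"newOrder": f"https://ca.example/v{state['version']}/new-order"}
    cache = DirectoryCache(fetch, lambda: state["now"])
    for now, version in [(0, 1), (100, 1), (4000, 1), (8000, 2)]:
        state["now"], state["version"] = now, version
        seen.append(cache.get()["newOrder"])
    return sent, seen
```

In the simulated run, four lookups produce three requests: the lookup at t=100 is served from the fresh copy, the one at t=4000 is answered with 304, and the server's updated directory is only picked up at t=8000, after the freshness lifetime has lapsed again.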