Re: [Acme] Why "HTTP verification"

Martin Thomson <martin.thomson@gmail.com> Wed, 03 December 2014 16:20 UTC

In-Reply-To: <CABrd9STe2DrT3YnUQbUe_aO9QHOzmS0Y7MWN4GHU4ZHm5bQoDA@mail.gmail.com>
References: <B80ACB30-1A35-440E-B250-AB8C80D1FAF1@vpnc.org> <CAK6vND-001PK0gP_3Txoge2hvYiKPuA+trd9zj7PzaooOOMH3A@mail.gmail.com> <CABrd9STe2DrT3YnUQbUe_aO9QHOzmS0Y7MWN4GHU4ZHm5bQoDA@mail.gmail.com>
Date: Wed, 03 Dec 2014 08:20:21 -0800
Message-ID: <CABkgnnUiANisJ31pEt2B7rfKjJBt_4WwoF+-KfdXr4pJ3rn2Fw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Ben Laurie <benl@google.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/DQk3tjoqKFkvL4u55Z-LAf6JiLQ
Cc: "acme@ietf.org" <acme@ietf.org>, Peter Bowen <pzbowen@gmail.com>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [Acme] Why "HTTP verification"

On 3 December 2014 at 08:01, Ben Laurie <benl@google.com> wrote:
> Why would you need to replace it? You use SNI on some new domain...

That is currently only specified for the dvsni validation method.  And
it creates an additional burden on the implementation AND it makes it
much, much harder to deploy something like this.  If you have a
front-end that routes on SNI, then it would need to be modified.  The
advantage of simpleHttps is that it doesn't depend on control of the
demux point.
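To make the "demux point" argument concrete, the following is an added illustration (not code from this thread or from any ACME implementation): a toy front-end that routes TLS connections by the SNI name it parses out of the ClientHello, and plaintext HTTP by the Host header. The challenge name `token.acme.invalid` and the path `/.well-known/acme-challenge/token` are placeholders, not the exact values any draft specifies. The point it shows is that an SNI-routed front-end has no entry for a challenge-specific name until its routing table is edited, whereas a path-based HTTP challenge is answered by whichever backend already serves the host.

```python
import struct

SNI_EXT_TYPE = 0x0000  # TLS server_name extension type


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record carrying only an SNI extension (constructed sample)."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    extension = struct.pack("!HH", SNI_EXT_TYPE, len(sni_list)) + sni_list
    extensions = struct.pack("!H", len(extension)) + extension
    body = (
        b"\x03\x03"                   # client_version: TLS 1.2
        + b"\x00" * 32                # random (zeros; constructed sample)
        + b"\x00"                     # session_id length 0
        + b"\x00\x02" + b"\xc0\x2f"   # one cipher suite
        + b"\x01\x00"                 # one compression method (null)
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body     # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the host_name from a ClientHello's SNI extension, or None if absent or malformed."""
    if len(record) < 5 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    pos = 4 + 2 + 32                       # handshake header, client_version, random
    if pos >= len(hs):
        return None
    pos += 1 + hs[pos]                     # session_id
    if pos + 2 > len(hs):
        return None
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
    if pos + 1 > len(hs):
        return None
    pos += 1 + hs[pos]                     # compression_methods
    if pos + 2 > len(hs):
        return None                        # no extensions block at all
    end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    if end > len(hs):
        return None
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        data = hs[pos:pos + ext_len]
        pos += ext_len
        if ext_type != SNI_EXT_TYPE or len(data) < 5:
            continue
        list_len = struct.unpack("!H", data[0:2])[0]
        lp = 2
        while lp + 3 <= min(2 + list_len, len(data)):
            ntype = data[lp]
            nlen = struct.unpack("!H", data[lp + 1:lp + 3])[0]
            lp += 3
            name = data[lp:lp + nlen]
            lp += nlen
            if ntype == 0 and len(name) == nlen:
                try:
                    return name.decode("ascii")
                except UnicodeDecodeError:
                    return None
    return None


class FrontEnd:
    """Toy demux point: TLS is routed on the SNI name, plaintext HTTP on the Host header."""

    def __init__(self, routes):
        self.routes = dict(routes)          # host name -> backend name

    def route_tls(self, client_hello: bytes):
        host = extract_sni(client_hello)
        return self.routes.get(host) if host else None

    def route_http(self, host: str, path: str):
        # The path plays no part in routing: the host's existing backend serves every path,
        # including a challenge path such as /.well-known/acme-challenge/<token> (placeholder).
        return self.routes.get(host)


def demo():
    fe = FrontEnd({"example.com": "app-backend"})
    results = {
        "tls_normal": fe.route_tls(build_client_hello("example.com")),
        "tls_dvsni": fe.route_tls(build_client_hello("token.acme.invalid")),   # placeholder challenge name
        "http_simple": fe.route_http("example.com", "/.well-known/acme-challenge/token"),
    }
    # The SNI-based challenge only works once the front-end's own table is changed.
    fe.routes["token.acme.invalid"] = "acme-responder"
    results["tls_dvsni_after_change"] = fe.route_tls(build_client_hello("token.acme.invalid"))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

`demo()` returns `None` for the SNI challenge name until the front-end's routing table is edited, while the HTTP challenge path reaches the existing backend with no change at the demux point.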