Re: [Acme] Registering a PEM Content-Type

Eric Rescorla <ekr@rtfm.com> Sun, 12 March 2017 21:20 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 12 Mar 2017 14:19:28 -0700
Message-ID: <CABcZeBPo62c3zuGr8uOwzU3c45AXpPHHRH6se3d-s_9KEK=oHQ@mail.gmail.com>
To: Jacob Hoffman-Andrews <jsha@eff.org>
Content-Type: multipart/alternative; boundary="001a11493644cb359b054a8f2852"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/FieCCK6TugrWzca2fISlx6t7q5A>
Cc: Richard Barnes <rlb@ipv.sx>, "Salz, Rich" <rsalz@akamai.com>, "acme@ietf.org" <acme@ietf.org>, Daniel McCarney <cpu@letsencrypt.org>
Subject: Re: [Acme] Registering a PEM Content-Type

On Sun, Mar 12, 2017 at 12:54 PM, Jacob Hoffman-Andrews <jsha@eff.org> wrote:

> On 03/12/2017 12:50 PM, Salz, Rich wrote:
> > What about saying each certificate SHOULD be a signer on *A* preceding
> > certificate?  This allows us to serve a single cert chain for both MD5 and
> > SHA1, for example.  (Contrived examples of course.)
> I think the current language (copied from TLS 1.3) conveys that, though
> it's a bit subtle:
>
> > Each following certificate SHOULD directly certify one preceding it.
>

Note: this used to be a MUST-level requirement, but due to the complexities of the deployed PKI, in 1.3 it was relaxed to be a SHOULD.

-Ekr


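The difference between the old MUST ("certify the immediately preceding certificate") and the TLS 1.3 SHOULD ("certify one preceding it") discussed above, as an added illustration that is not part of the thread or of any ACME implementation. It models a certificate by subject, issuer and key identifiers only (an assumption; it does not verify signatures), and the cross-signed intermediate chain is constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 certificate holding only the fields the
    ordering rule depends on. Linkage is modelled by issuer name plus
    subject/authority key identifiers, not by signature verification."""
    subject: str
    issuer: str
    subject_key_id: str
    authority_key_id: str


def certifies(candidate: Cert, target: Cert) -> bool:
    """'Directly certifies': candidate is the issuer of target."""
    return (candidate.subject == target.issuer
            and candidate.subject_key_id == target.authority_key_id)


def check_chain_order(chain, strict):
    """Return the 1-based positions of certificates that violate the rule.

    strict=True : each cert must certify the immediately preceding one
                  (the old MUST-level wording).
    strict=False: each cert must certify *some* preceding one
                  (the SHOULD-level wording taken from TLS 1.3)."""
    violations = []
    for i in range(1, len(chain)):
        preceding = [chain[i - 1]] if strict else chain[:i]
        if not any(certifies(chain[i], p) for p in preceding):
            violations.append(i + 1)
    return violations


# Constructed sample: one intermediate CA issued under two different roots
# (a cross-sign), both copies served in a single chain behind the leaf.
LEAF = Cert("example.test", "Intermediate CA", "skid-leaf", "skid-int")
INT_UNDER_ROOT1 = Cert("Intermediate CA", "Root 1", "skid-int", "skid-r1")
INT_UNDER_ROOT2 = Cert("Intermediate CA", "Root 2", "skid-int", "skid-r2")
UNRELATED = Cert("Other CA", "Root 3", "skid-other", "skid-r3")

CROSS_SIGNED_CHAIN = [LEAF, INT_UNDER_ROOT1, INT_UNDER_ROOT2]
BROKEN_CHAIN = [LEAF, INT_UNDER_ROOT1, UNRELATED]
```

The cross-signed chain fails the strict rule at position 3 (the second intermediate copy does not certify the first) but passes the relaxed rule, while a chain containing an unrelated certificate fails under both readings.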