Re: [Acme] Review of draft-friel-acme-subdomains-02

"Owen Friel (ofriel)" <ofriel@cisco.com> Wed, 02 September 2020 09:42 UTC

From: "Owen Friel (ofriel)" <ofriel@cisco.com>
To: Russ Housley <housley@vigilsec.com>, IETF ACME <acme@ietf.org>
Thread-Topic: [Acme] Review of draft-friel-acme-subdomains-02
Date: Wed, 02 Sep 2020 09:41:53 +0000
Message-ID: <CY4PR11MB168513A0ECC978396BEF5313DB2F0@CY4PR11MB1685.namprd11.prod.outlook.com>
References: <39F039BC-BFEA-49D4-9D75-267A5446FE99@vigilsec.com>
In-Reply-To: <39F039BC-BFEA-49D4-9D75-267A5446FE99@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/MiY_0_7wR2MXGOzWZH5jxtHbUqs>

Thanks Russ. I've addressed all these on GitHub at: https://github.com/upros/acme-subdomains/blob/master/draft-friel-acme-subdomains.md. I have not pushed out draft-03 yet; let's see what Jacob and Felipe have to say on the related thread about challenge options, and I will incorporate then.


-----Original Message-----
From: Acme <acme-bounces@ietf.org> On Behalf Of Russ Housley
Sent: 05 August 2020 06:44
To: IETF ACME <acme@ietf.org>
Subject: [Acme] Review of draft-friel-acme-subdomains-02

Document: draft-friel-acme-subdomains-02
Reviewer: Russ Housley
Date: 2020-08-04

Major Concern:

The TODO markers regarding wildcard domain names, the 200 response code, and the security considerations should be filled in with strawman text before this I-D is adopted by the ACME WG.


Minor Concerns:

General: s/certificate authority/certification authority/ (many)

Abstract: s/certificate authority policy/certificate policy/

Introduction: s/X.509 (PKIX)/X.509v3 (PKIX) [RFC5280]/

Terminology: Correct CA, please.  See above.

Terminology: Please add a definition of subdomain.


Nits:

Section 3: says:

   3.  client sends POST-as-GET requests to retrieve the
       "authorizations", with the downloaded "authorization" object(s)
       containing the "identifier" that the client must prove control of

s/client must prove control of/client must prove that they control/

There is something wrong with the table formatting in Section 6.2.
