From: "Owen Friel (ofriel)" <ofriel@cisco.com>
To: Russ Housley <housley@vigilsec.com>, IETF ACME <acme@ietf.org>
Date: Wed, 2 Sep 2020 09:41:53 +0000
Message-ID: <CY4PR11MB168513A0ECC978396BEF5313DB2F0@CY4PR11MB1685.namprd11.prod.outlook.com>
References: <39F039BC-BFEA-49D4-9D75-267A5446FE99@vigilsec.com>
In-Reply-To: <39F039BC-BFEA-49D4-9D75-267A5446FE99@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/MiY_0_7wR2MXGOzWZH5jxtHbUqs>
Subject: Re: [Acme] Review of draft-friel-acme-subdomains-02
List-Id: Automated Certificate Management Environment <acme.ietf.org>

Thanks Russ. I've addressed all these in GitHub at:
https://github.com/upros/acme-subdomains/blob/master/draft-friel-acme-subdomains.md.
I have not pushed out draft-03 yet, let's see what Jacob and Felipe have to
say on the related thread about challenge options, and I will incorporate then.


-----Original Message-----
From: Acme <acme-bounces@ietf.org> On Behalf Of Russ Housley
Sent: 05 August 2020 06:44
To: IETF ACME <acme@ietf.org>
Subject: [Acme] Review of draft-friel-acme-subdomains-02

Document: draft-friel-acme-subdomains-02
Reviewer: Russ Housley
Date: 2020-08-04

Major Concern:

The TODO markers regarding wildcard domain names, the 200 response code,
and the security considerations should be filled in with strawman text
before this I-D is adopted by the ACME WG.


Minor Concerns:

General: s/certificate authority/certification authority/ (many)

Abstract: s/certificate authority policy/certificate policy/

Introduction: s/X.509 (PKIX)/X.509v3 (PKIX) [RFC5280]/

Terminology: Correct CA, please.  See above.

Terminology: Please add a definition of subdomain.


Nits:

Section 3: says:

   3.  client sends POST-as-GET requests to retrieve the
       "authorizations", with the downloaded "authorization" object(s)
       containing the "identifier" that the client must prove control of

s/client must prove control of/client must prove that they control/

There is something wrong with the table formatting in Section 6.2.


