Re: [Acme] Hyphens in parameter names of ACME CAA extensions
Tim Hollebeek <tim.hollebeek@digicert.com> Fri, 19 January 2018 15:13 UTC
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Corey Bonnell <CBonnell@trustwave.com>, Jacob Hoffman-Andrews <jsha@eff.org>, Ivan Vyshnevskyi <ivan@vyshnevskyi.com>, "acme@ietf.org" <acme@ietf.org>
Date: Fri, 19 Jan 2018 15:13:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/MuENj8FBC9QhSufStiWWPFyDVnY>

I agree with Corey about the readability of hyphens. Also, I fully support his
fix to the RFC 6844 grammar. The current grammar is a mess. The implementation
of CAA by major CAs has revealed a large number of serious defects with the
current text of RFC 6844, and I think it's time for an RFC 6844-bis effort.

-Tim

> -----Original Message-----
> From: Acme [mailto:acme-bounces@ietf.org] On Behalf Of Corey Bonnell
> Sent: Friday, January 19, 2018 6:19 AM
> To: Jacob Hoffman-Andrews <jsha@eff.org>; Ivan Vyshnevskyi
> <ivan@vyshnevskyi.com>; acme@ietf.org
> Subject: Re: [Acme] Hyphens in parameter names of ACME CAA extensions
>
> There is an IETF erratum for RFC 6844 (specifically, erratum 5200:
> https://www.rfc-editor.org/errata/eid5200) regarding a contradiction about
> which character is used as a parameter delimiter in "issue"/"issuewild"
> property tags (section 3 defines the parameter delimiter as a semicolon,
> whereas section 5.2 defines it as whitespace). Given that the RFC in its
> current state is contradictory, I imagine this is something that should be
> resolved before any proposals regarding parameters are finalized.
>
> I proposed a fix to the ABNF grammar on the LAMPS WG mailing list last month
> to make the parameter delimiter defined in section 5.2 align with section 3:
> https://www.ietf.org/mail-archive/web/spasm/current/msg01073.html. It
> would be trivial to modify this grammar to allow for hyphens to appear in
> parameter tags. Allowing for the use of hyphens in tags would be a win in
> terms of human readability of CAA records, as I believe "validation-methods"
> is much more readable than "validationmethods", etc.
>
> Thanks,
> Corey
>
>
> Corey Bonnell
> Senior Software Engineer
> t: +1 412.395.2233
>
> Trustwave | SMART SECURITY ON DEMAND
>
> On 1/18/18, 7:47 PM, "Acme on behalf of Jacob Hoffman-Andrews"
> <acme-bounces@ietf.org on behalf of jsha@eff.org> wrote:
>
>     I don't think that's been discussed before. I think it's reasonable to
>     adjust "account-uri" to "accounturi" and "validation-methods" to
>     "validationmethods" to stick with RFC6844's definitions.
>
>     On 01/18/2018 06:56 AM, Ivan Vyshnevskyi wrote:
>     > Hi,
>     >
>     > According to the grammar for value of the CAA issue property, that is
>     > defined in the section 5.2 of RFC6844[1], the parameter name (there
>     > called “tag”) consists of one or more alphanumeric characters. The most
>     > current version of the draft-ietf-acme-caa[2] introduces two parameter
>     > names with hyphens in them: “account-uri” and “validation-methods”.
>     >
>     > Was this discrepancy discussed before? Is there a plan to resolve it?
>     >
>     > Regards,
>     > Ivan
>     >
>     > [1]: https://scanmail.trustwave.com/?c=4062&d=hcDh2k_3IAMjh0nijx3Ip1gY1VC-548bPX2OlnrCzQ&s=5&u=https%3a%2f%2ftools%2eietf%2eorg%2fhtml%2frfc6844%23section-5%2e2
>     > [2]: https://scanmail.trustwave.com/?c=4062&d=hcDh2k_3IAMjh0nijx3Ip1gY1VC-548bPX3SnnvOkA&s=5&u=https%3a%2f%2ftools%2eietf%2eorg%2fhtml%2fdraft-ietf-acme-caa-03
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
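
The following is an added example, not part of the thread and not the ABNF from erratum 5200 or from Corey Bonnell's LAMPS proposal: a small parser for a CAA "issue"/"issuewild" value that shows how the hyphenated parameter names fare under the alphanumeric-only tag rule described above, and how a whitespace-delimited record gets reported instead of silently mis-parsed. The function name, the relaxed hyphen rule and the sample records are assumptions made for illustration.

```python
import re

# Tag rule as the thread describes RFC 6844 section 5.2: alphanumerics only.
STRICT_TAG = re.compile(r"[A-Za-z0-9]+")
# Assumed relaxation (hypothetical): hyphens allowed between alphanumeric runs.
HYPHEN_TAG = re.compile(r"[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*")

def parse_issue_value(value, allow_hyphens=False):
    """Return (domain, params, errors) for a CAA issue/issuewild value.

    Parameters are split on ';' (the section 3 reading). Whitespace inside a
    value is reported, since a whitespace-delimited record would otherwise
    be folded silently into the preceding value.
    """
    tag_re = HYPHEN_TAG if allow_hyphens else STRICT_TAG
    domain, _, rest = value.partition(";")
    params, errors = {}, []
    for chunk in rest.split(";"):
        chunk = chunk.strip(" \t")
        if not chunk:
            continue
        tag, eq, val = chunk.partition("=")
        tag, val = tag.strip(" \t"), val.strip(" \t")
        if not eq:
            errors.append(f"parameter without '=': {chunk!r}")
        elif not tag_re.fullmatch(tag):
            errors.append(f"invalid tag: {tag!r}")
        elif re.search(r"[ \t]", val):
            errors.append(f"whitespace in value of {tag!r}")
        elif tag in params:
            errors.append(f"duplicate tag: {tag!r}")
        else:
            params[tag] = val
    return domain.strip(" \t"), params, errors

# Constructed sample records (not taken from the thread or from any CA).
HYPHENATED = "example.net; account-uri=https://example.net/acct/1; validation-methods=dns-01"
PLAIN = "example.net; accounturi=https://example.net/acct/1; validationmethods=dns-01"
SPACE_DELIMITED = "example.net; accounturi=https://example.net/acct/1 validationmethods=dns-01"

if __name__ == "__main__":
    for record in (HYPHENATED, PLAIN, SPACE_DELIMITED):
        for relaxed in (False, True):
            print(relaxed, parse_issue_value(record, allow_hyphens=relaxed))
```

A validator that discards unparseable parameters rather than rejecting the record would drop both restrictions in the hyphenated case under the strict rule, which is why the tag grammar matters for issuance decisions.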