Re: [Acme] Agreement integrity checksum

Richard Barnes <rlb@ipv.sx> Tue, 15 December 2015 16:36 UTC

Date: Tue, 15 Dec 2015 11:27:34 -0500
From: Richard Barnes <rlb@ipv.sx>
To: Niklas Keller <me@kelunik.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/NJd14fXnlyDCsAfrX6zFDUJZ60Q>
Cc: Michael Tandy <iaectmfe@mjt.me.uk>, Martin Thomson <martin.thomson@gmail.com>, Jacob Hoffman-Andrews <jsha@eff.org>, "acme@ietf.org" <acme@ietf.org>

Thanks for the PR!  I agree that having an integrity hash is overkill,
and we should focus on advising CAs.

That said, the considerations for how CAs track agreements are very
much specific to each CA, so I'm hesitant to have MUST-level
requirements.  If you change it to a SHOULD, then I think we're good
to go.

On Tue, Dec 15, 2015 at 7:40 AM, Niklas Keller <me@kelunik.com> wrote:
> 2015-12-09 19:57 GMT+01:00 Jacob Hoffman-Andrews <jsha@eff.org>:
>>
>> On 12/09/2015 12:56 AM, Niklas Keller wrote:
>> >
>> > How about just requiring that CAs update the URL on changes?
>> >
>> I think this is the best, simplest approach.
>
>
> I added a PR: https://github.com/ietf-wg-acme/acme/pull/52