Re: [Acme] [Technical Errata Reported] RFC8555 (5861)

Deb Cooley <debcooley1@gmail.com> Fri, 09 February 2024 11:39 UTC

To: Jacob Hoffman-Andrews <jsha@eff.org>, "Owen Friel (ofriel)" <ofriel@cisco.com>
Cc: "rlb@ipv.sx" <rlb@ipv.sx>, "jdkasten@umich.edu" <jdkasten@umich.edu>, "acme@ietf.org" <acme@ietf.org>, Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/Ocrw_qxDLM0KncBK5tjv_K6ZoH0>

The ADs can edit the language of an errata.  If we can agree on the
language, they can modify the errata and then mark it as Verified.  Below
is what I have for this:

------------------------------------------

Errata old:

Section 7.4.1, It should say:

If a server receives a newAuthz request for an identifier where the
authorization object already exists, whether created by CA provisioning
on the ACME server or by the ACME server handling a previous newAuthz
request from a client, the server returns a 200 (OK) response with the
existing authorization URL in the Location header field and the existing
JSON authorization object in the body.

----------------------------------------------

Errata new:

Section 7.4.1

It should say:
If the server has an existing authorization for the identifier,
depending on server policy, the server may return a 200 (OK)
response with the existing authorization URL in the Location header
field and the existing JSON authorization object in the body.
----------------------------------

Is this correct?  Or does it need to be tweaked?

Deb


On Thu, Jan 4, 2024 at 1:29 PM Jacob Hoffman-Andrews <jsha@eff.org> wrote:

> > That’s fair. The text should probably state something along the lines of
> >
> > “If the server has an existing authorization for the identifier,
> > depending on server policy, the server may return a 200 (OK) response with
> > the existing authorization URL in the Location header field and the
> > existing JSON authorization object in the body.”
>
> This sounds good to me. Thanks for the update.
>
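
A sketch of a server-side newAuthz handler that follows the proposed wording, added here as an example; it is not code from this thread or from any ACME server. The per-account lookup, the set of reusable statuses, the lifetime and the acme.example URLs are assumptions, and the requests in `demo()` are constructed.

```python
import secrets
from datetime import datetime, timedelta, timezone
from itertools import count

BASE = "https://acme.example/authz/"   # placeholder URL, not a real CA
REUSABLE = {"pending", "valid"}        # assumed policy: only live states are reused
LIFETIME = timedelta(days=7)           # assumed authorization lifetime


class AuthzStore:
    def __init__(self, reuse_existing=True):
        self.reuse_existing = reuse_existing  # the "server policy" switch
        self.by_key = {}                      # (account, type, value) -> (url, authz)
        self._ids = count(1)

    def new_authz(self, account, identifier, now=None):
        """Handle a newAuthz payload; return (status, headers, body)."""
        now = now or datetime.now(timezone.utc)
        # Scope the lookup to the requesting account so one account can never
        # be handed another account's authorization object.
        key = (account, identifier["type"], identifier["value"].lower())
        found = self.by_key.get(key)
        if found and self.reuse_existing:
            url, authz = found
            expires = datetime.fromisoformat(authz["expires"])
            if authz["status"] in REUSABLE and expires > now:
                # Existing authorization: 200 (OK), same Location, same body.
                return 200, {"Location": url}, authz
        url = f"{BASE}{next(self._ids)}"
        authz = {
            "identifier": dict(identifier),
            "status": "pending",
            "expires": (now + LIFETIME).isoformat(),
            "challenges": [{"type": "http-01", "status": "pending",
                            "url": f"{url}/chall/1",
                            "token": secrets.token_urlsafe(16)}],
        }
        self.by_key[key] = (url, authz)
        # Fresh authorization: 201 (Created) with its new URL in Location.
        return 201, {"Location": url}, authz


def demo():
    """Constructed requests: same account twice, then a different account."""
    store, ident = AuthzStore(), {"type": "dns", "value": "example.org"}
    first = store.new_authz("acct-1", ident)
    again = store.new_authz("acct-1", ident)
    other = store.new_authz("acct-2", ident)
    return [(r[0], r[1]["Location"]) for r in (first, again, other)]
```

A client written against either wording has to accept both 200 and 201 from newAuthz and take the authorization URL from the Location header in both cases.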