Re: [Acme] ACME breaking change: Most GETs become POSTs
Felix Fontein <felix@fontein.de> Fri, 31 August 2018 21:58 UTC
Date: Fri, 31 Aug 2018 23:57:41 +0200
From: Felix Fontein <felix@fontein.de>
To: acme@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/QaNXsGXgIUhsyDROAxwNYwsSizg>

Hi Richard,

> I was able to upgrade the lego client in a pretty short patch (5 files
> changed, 26 insertions(+), 16 deletions(-)) [0]. It interoperates
> with Daniel's branch of pebble.

you were faster :) I've adjusted Ansible's acme_certificate module to
also work with Daniel's branch in
https://github.com/ansible/ansible/pull/44988

Most of the changes are general refactoring to make use of a single URL
fetch method which has access to the ACME account data; the main part
related to POST-as-GET is only a few lines.

Cheers,
Felix

>
> --Richard
>
> [1] https://github.com/bifurcation/lego/pull/1
>
>
>
> On Fri, Aug 31, 2018 at 2:56 PM Daniel McCarney <cpu@letsencrypt.org>
> wrote:
>
> > I think it's an anti-pattern to standardize protocol features that
> > haven't been implemented by anyone so here's a PR[0] for the Pebble
> > ACME server that implements Richard's proposal[1] to establish
> > viability. The proposal seems OK to me given the
> > trade-offs/alternatives on the table.
> >
> > I would encourage other ACME client/server developers to try their
> > hand at implementing the changes from [1] as well. I've tested my
> > PR with hand-rolled requests but not as part of an automated
> > issuance process with a "real" ACME client. Speak now or forever
> > hold your bugs.
> >
> > [0] - https://github.com/letsencrypt/pebble/pull/162
> > [1] - https://github.com/ietf-wg-acme/acme/pull/445/files
> >
> > On Fri, Aug 31, 2018 at 1:21 PM, Richard Barnes <rlb@ipv.sx> wrote:
> >
> >> No, if a server receives a GET request for a resource other than
> >> those specified, then it MUST return 405. But please check out
> >> the PR and see if it's clear there.
> >>
> >> On Fri, Aug 31, 2018 at 1:14 PM Salz, Rich <rsalz@akamai.com>
> >> wrote:
> >>>
> >>> - * Servers MUST return a 405 if they get a GET for a resource
> >>> other than directory/newNonce/certificate.
> >>>
> >>>
> >>>
> >>> They means client? Or there’s a word missing, and “they get a” is
> >>> “they do not support”
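
The 405 rule quoted at the end of this message, as an added example that is not part of the original message and is not code from Pebble, lego or Ansible: a server-side request gate that rejects plain GETs outside directory/newNonce/certificate and recognizes POST-as-GET by its empty JWS payload (the form later standardized in RFC 8555). The resource names, the `ca.example` URLs, the placeholder signature and the choice of 400 for an unparseable body are assumptions of this sketch; signature, nonce and account checks are out of scope.

```python
import base64
import json

# Resource types the quoted rule still allows over plain GET.
GET_ALLOWED = {"directory", "newNonce", "certificate"}


def b64url(data: bytes) -> str:
    """Unpadded base64url, as used for JWS fields."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sample_jws(url: str, payload=None) -> bytes:
    """Constructed flattened JWS; payload=None yields the POST-as-GET form."""
    protected = {"alg": "ES256", "kid": "https://ca.example/acct/1",
                 "nonce": "constructed-nonce", "url": url}
    return json.dumps({
        "protected": b64url(json.dumps(protected).encode()),
        "payload": "" if payload is None else b64url(json.dumps(payload).encode()),
        "signature": b64url(b"placeholder-not-a-real-signature"),
    }).encode()


def classify(method: str, resource: str, body: bytes = b""):
    """Return (reject_status, kind); reject_status is None if the gate passes.

    Signature, nonce and account checks would follow and are not shown.
    """
    if method in ("GET", "HEAD"):
        if resource in GET_ALLOWED:
            return None, "get"
        return 405, "method-not-allowed"
    if method != "POST":
        return 405, "method-not-allowed"
    try:
        jws = json.loads(body)
        fields = (jws["protected"], jws["payload"], jws["signature"])
    except (ValueError, KeyError, TypeError):
        return 400, "malformed"  # status chosen for this sketch
    if not all(isinstance(f, str) for f in fields):
        return 400, "malformed"
    # An empty-string payload marks POST-as-GET: an authenticated read.
    if jws["payload"] == "":
        return None, "post-as-get"
    return None, "post"
```
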