Re: [Acme] FW: New Version Notification for draft-friel-acme-subdomains-03.txt

"Salz, Rich" <rsalz@akamai.com> Tue, 12 January 2021 18:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/QxY7RkQxgBmXImImynWkSMGTDas>

Reposting this to see if we can close the two open issues.


On 10/12/20, 4:25 AM, "Owen Friel (ofriel)" <ofriel=40cisco.com@dmarc.ietf.org> wrote:

    This new draft addresses the comments that were raised back in August by Russ.

    It also explicitly lists in the Open Items https://tools.ietf.org/html/draft-friel-acme-subdomains-03#section-4 the two main open items that have been raised by Felipe and Ryan:

    1. Does the client need a mechanism to indicate that they want to authz a parent domain and not the explicit subdomain identifier? Or a mechanism to indicate that they are happy to authz against a choice of identifiers? 

    2. Does the server need a mechanism to provide a choice of identifiers to the client and let the client choose which to fulfil?

    Both would require some JSON definition work. If we can't reach consensus on the mailer, we could discuss at IETF 109 Online.

    Cheers,
    Owen


    -----Original Message-----
    From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
    Sent: 09 October 2020 18:35
    To: Richard Barnes <rlb@ipv.sx>; Tim Hollebeek <tim.hollebeek@digicert.com>; Owen Friel (ofriel) <ofriel@cisco.com>; Michael Richardson <mcr+ietf@sandelman.ca>
    Subject: New Version Notification for draft-friel-acme-subdomains-03.txt


    A new version of I-D, draft-friel-acme-subdomains-03.txt
    has been successfully submitted by Owen Friel and posted to the IETF repository.

    Name:		draft-friel-acme-subdomains
    Revision:	03
    Title:		ACME for Subdomains
    Document date:	2020-10-09
    Group:		Individual Submission
    Pages:		13
    URL:            https://www.ietf.org/id/draft-friel-acme-subdomains-03.txt
    Status:         https://datatracker.ietf.org/doc/draft-friel-acme-subdomains/
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-friel-acme-subdomains
    Htmlized:       https://tools.ietf.org/html/draft-friel-acme-subdomains-03
    Diff:           https://www.ietf.org/rfcdiff?url2=draft-friel-acme-subdomains-03

    Abstract:
       This document outlines how ACME can be used by a client to obtain a
       certificate for a subdomain identifier from a certification
       authority.  The client has fulfilled a challenge against a parent
       domain but does not need to fulfil a challenge against the explicit
       subdomain as certificate policy allows issuance of the subdomain
       certificate without explicit subdomain ownership proof.




    Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

    The IETF Secretariat

