Re: [Acme] I-D Action: draft-ietf-acme-scoped-dns-challenges-00.txt

Amir Omidi <amir@aaomidi.com> Mon, 19 February 2024 22:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/RT4zr7uJ6XlcGJaMyhwVNRCgSDc>

Hi all!

We've worked on incorporating the changes in
https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/
into our draft introducing DNS-ACCOUNT-01.

This draft now introduces both DNS-ACCOUNT-01 and DNS-02. The main
difference from before is the introduction of a `scope` field:

"_acme-" || <SCOPE> || "-challenge"

Where scope is one of the values `domain`, `host`, or `wildcard`. This draft
also moved the account identifier to the left of the
`_acme-<scope>-challenge` label.

Thank you!

On Mon, Feb 19, 2024 at 4:54 PM <internet-drafts@ietf.org> wrote:

> Internet-Draft draft-ietf-acme-scoped-dns-challenges-00.txt is now available.
> It is a work item of the Automated Certificate Management Environment (ACME)
> WG of the IETF.
>
>    Title:   Automated Certificate Management Environment (ACME) Scoped DNS Challenges
>    Authors: Antonios A. Chariton
>             Amir A. Omidi
>             James Kasten
>             Fotis Loukos
>             Stanislaw A. Janikowski
>    Name:    draft-ietf-acme-scoped-dns-challenges-00.txt
>    Pages:   12
>    Dates:   2024-02-19
>
> Abstract:
>
>    This document outlines a new challenge for the ACME protocol,
>    enabling an ACME client to answer a domain control validation
>    challenge from an ACME server using a DNS resource linked to the ACME
>    Account ID.  This allows multiple systems or environments to handle
>    challenge-solving for a single domain.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-acme-scoped-dns-challenges/
>
> There is also an HTMLized version available at:
>
> https://datatracker.ietf.org/doc/html/draft-ietf-acme-scoped-dns-challenges-00
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
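
The scoped label scheme described in the message above, as an added example that is not part of the original post or the draft's own text: it builds and parses validation names of the form `"_acme-" || <SCOPE> || "-challenge"`, with an optional account label to the left. Assumptions: the function names are hypothetical, the account label is an opaque input (`_acctlabel` is a constructed placeholder, since its derivation is not given in the message), it is treated as a separate DNS label, and a DNS-02 name is taken to carry no account label.

```python
import re

# Scope values listed in the message.
SCOPES = ("domain", "host", "wildcard")
_CHALLENGE = re.compile(r"^_acme-([a-z]+)-challenge$")


def challenge_label(scope):
    """Return "_acme-" || scope || "-challenge", rejecting unknown scopes."""
    if scope not in SCOPES:
        raise ValueError("unknown scope: %r" % scope)
    return "_acme-" + scope + "-challenge"


def validation_name(domain, scope, account_label=None):
    """Build the validation name for a domain.

    account_label=None models DNS-02 (assumption: no account label);
    otherwise the opaque account label goes to the left of the
    challenge label, as in DNS-ACCOUNT-01.
    """
    labels = [challenge_label(scope), domain.rstrip(".")]
    if account_label is not None:
        labels.insert(0, account_label)
    return ".".join(labels).lower()


def parse_validation_name(name):
    """Split a name into (account_label or None, scope, domain).

    Raises ValueError for names without a scoped challenge label,
    including the unscoped "_acme-challenge" label, and for scopes
    outside SCOPES.
    """
    labels = name.rstrip(".").lower().split(".")
    for pos in (0, 1):  # challenge label is first, or second after account
        match = _CHALLENGE.match(labels[pos]) if pos < len(labels) else None
        if match and len(labels) > pos + 1:
            if match.group(1) not in SCOPES:
                raise ValueError("unknown scope: %r" % match.group(1))
            account = labels[0] if pos == 1 else None
            return account, match.group(1), ".".join(labels[pos + 1:])
    raise ValueError("no scoped challenge label in %r" % name)
```
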