IETF Logo Mail Archive

Re: [Acme] [EXT] Re: I-D Action: draft-ietf-acme-dtnnodeid-09.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 09 September 2022 15:29 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7D79C14F72B for <acme@ietfa.amsl.com>; Fri, 9 Sep 2022 08:29:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x3593GuZdtIZ for <acme@ietfa.amsl.com>; Fri, 9 Sep 2022 08:29:18 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2120.outbound.protection.outlook.com [40.107.22.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57EF6C14F730 for <acme@ietf.org>; Fri, 9 Sep 2022 08:29:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=esFGFYXX2folmFNs/ull+PVjokTVcdrT7i0aytRIDvc4hab3IXRxrYyUFJgctfY16vI2S+oZ7PAQMmPEQKDmKyLten8gImYsEtO0EIH7IeKqC9ij20PDONP0No0M9GNe+ch8Nbc4MoENQj/vGiADT95GBC39TZQLWDssfxNVQXaBqHr8KI17/lM4+u8dyuB2f+9F70pm84rO5tnGAVM/WTvo8IqVU5TAwfQ0NcktLwp9U0ujfJz671z7pveeahGkh2PQm+KEFj64FujcDC+QmKxgJttjUGenI30v93ySqwoDZEvkcL270VICsopger5K7/QAqryIjMxU1hWb0ByaEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aC7UEXz9/zs3ybXoWEB81QVxE+M9jjIeuh4A4GbhhBQ=; b=bboJ+lZM081ogvfxjkh2tRynmMJL38v89m9PO+eoNixVKAk+G5Yz8DXn9Wp0Z6LBWZTFJ8RzPhswsefvYIx7fTv6zRRyIi9nXzXzA1uVutwhWw5dmDm1rljiNl/d8ZXwkNNUzBxs5U2VtP+vGr5RUF5usY2m1VmgSRI8p3WRdAuoytTGVlqOqyD6pdOPE9mhtI0f+PVSSgUyO053/Kf9FE4nICCZ80C9rXFPyNpA5Zc1Bl55FsGzH7KXVtu5f7ut6/68yw/OI7VPx0RMOvKLsuHJq9vynKmKpDmUWwf0UZbij7XsiVTLRv+71SmnnX+ULhYmLkN38xEeY4GtLds4TA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aC7UEXz9/zs3ybXoWEB81QVxE+M9jjIeuh4A4GbhhBQ=; b=D3vAxhUFfHJCx7uppa8KQX69ltrkwbEV5ulNRM6s/A0YDq1JrppvkXHWCraCEARNxm6U0vkSTA/bMX4jOIQDawYV21VTQdS5K28Xuf0kB44br+OdixlGviKhJryV7a8eUuV+B/LDWipJ1uRqvV7TRynuREFIGteXmH+4zDHX/pJMEyIDCHTc0qVKfK6QgOMe63R371qngEKIkU4LrDdgfxx5asNczQqD78iE8uptLHYn2AyKmu+GuGOZmWdeY/x2uzHghVvlzTTUnK+URq7cn3Ase2P0xmyEd5W+26/FT6bLLn5p+vgKSP4vjXMa/o12eYYwIU0VsF7IMcWzxXFiLg==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by DBAPR02MB6181.eurprd02.prod.outlook.com (2603:10a6:10:18c::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5612.20; Fri, 9 Sep 2022 15:29:12 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::34b5:c457:b614:b0ac]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::34b5:c457:b614:b0ac%7]) with mapi id 15.20.5612.014; Fri, 9 Sep 2022 15:29:12 +0000
Message-ID: <2c349b22-f9b5-29f8-93c9-239972cdf97d@cs.tcd.ie>
Date: Fri, 09 Sep 2022 16:29:10 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Content-Language: en-US
To: Brian Sipos <brian.sipos+ietf@gmail.com>
Cc: Deb Cooley <debcooley1@gmail.com>, IETF ACME <acme@ietf.org>, Dorothy E Cooley <decoole@radium.ncsc.mil>, "Sipos, Brian J." <Brian.Sipos@jhuapl.edu>
References: <164626769621.28373.14001307971144520385@ietfa.amsl.com> <CAM1+-gjWA9DYp1vuoaaQKSPHBe0ox-MWtWO3ZU7sPHsQBJeKtA@mail.gmail.com> <BN2P110MB1107FB763ED574E300071AE3DC159@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CAGgd1OeLpu3AEYuYJDTk02TpqPMMSEys_QQOJC1EAyMH9O6-yg@mail.gmail.com> <CAGgd1OdYeTXGjC-Rf+vCJbYb4u-MXEaJsXfqkdZu9+D1XGco4A@mail.gmail.com> <54419b031a6f49d08e72c07644b00fd8@jhuapl.edu> <CAGgd1OdE=Cbo+q7EfEx8yifHE23JR+0BaaJeXN2ZyVVChCnmUQ@mail.gmail.com> <CAGgd1Ocb+CvBmMmJY5AWoHZRgoKK97ZimGzRLVBezJqRsN2rUQ@mail.gmail.com> <8a93caf4-a5b7-4c43-c2c2-56cd05161c1f@cs.tcd.ie> <CAM1+-gikUgjWKr-3T6NvFkxKewLS5YN_uhppiwYsmpMQVza8Gg@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <CAM1+-gikUgjWKr-3T6NvFkxKewLS5YN_uhppiwYsmpMQVza8Gg@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------U0SGjT4Ws0mIyMitbFvRC25U"
X-ClientProxiedBy: DB8PR03CA0032.eurprd03.prod.outlook.com (2603:10a6:10:be::45) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB7PR02MB5113:EE_|DBAPR02MB6181:EE_
X-MS-Office365-Filtering-Correlation-Id: 1a8d2782-e590-4c95-2cbf-08da92780bee
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: vqfN+y81ahU3jTK/wj6nqbnhO02iouLbcs7drY8AA3f7p7wQ65EdRTgyP1cykVxh1vyAtBNk2vZq7oIx72h6BaAPXuQCddxUF4wF/+ryD8EzA9vvzNsWeJRPJa68c+Yftzyiyo1w3ajiorDGdUHmGZOHfasJhkZo+13TRkFHCK09VDE73UZJb0Y9k28eUOiykUGpGq+DrYeaUDv0LpKbLub5WBywLURNO/9MsgPjs0R3loD1cHSWn29WKfAAg5zAHqbR0IV0rvhwhTFw1fcAFMC0/La8+rC3X6hpv1kvmL+ui8f9arO5M1dwS6pA2Nn6O7RbuQEOEmJrG1gDmpFjQWs9rr7VMQwJp1TgCdf0bnlaxfeozqpiLxxyG9WdzKOsP9JQF8gPCGUEDuEWPTjlcLUXnP9/KN8dyxEiA/1CrE2sws1n2W99hDSXm91Q7g1ZlhPni1zrIhW3oGo2jeAG+LYm4G1dvbalt+yJ2BJqEhv5J7bNpR+PKQHsZ/rTDibgcbiU7A2DKEIaZIPbrw6tAEzSP2QwGOl/OoXaulSwShW7fVx6axgDQVEy2DMexVpAhDx9THAPrpsDs01/J03k9mrxEhrI7NKXvfStj+NRPcwHAOMlmC9N8dtv81bbcKnJf+gKQGi+zMDnHn70240li7pXap0//h+GrdHrhFzTYLoHRY4SbJC/nIX7iRUBDLXJ5LV92aOAWSrSVJcXiXqPNzNvLcXvehTKr2g2bWp3VgOGzi5nbANmeszKjzHG+KuNZa7DKjlOIlOOqlU+TDd7TexLJZ/EEVmR8xzEQxKIgWqv7t6w4pJYy2egGL87ut/rq9HtnPpgH54MT5tc9RRgTK7rN6aQfmpmC8lG7xE41DU=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(39860400002)(396003)(136003)(366004)(346002)(376002)(66574015)(186003)(21480400003)(6486002)(966005)(478600001)(41300700001)(83380400001)(33964004)(6506007)(86362001)(6512007)(53546011)(38100700002)(31696002)(2616005)(44832011)(786003)(316002)(30864003)(45080400002)(66946007)(8936002)(54906003)(2906002)(66476007)(8676002)(4326008)(66556008)(235185007)(5660300002)(36756003)(31686004)(43740500002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: znoq7F+MkJ9vCBs9j/LbRh2E0/MJzZMC9z5d7/9ylrMkF1dMjxQagQ5SpYd3Y6d4+XNsQhE7Mzr22ajhWrGVM451Acv4me98cH8IEeRxWQndRB4OrelSx7qcKtxhHgA9604pZ39bK+PcEh5GztnECRxYlzOaR6uwN7pgbCd16qXlebn0HpkvUgyXT5ZzA6B2YDw1MI8rPQm/ZW7bnkZ1ArCkiFsHxQkMNpYHo0WPj8U8KI0ECMFPfmJpqVUNDhfJXzRpCxrYdqlnkZF43UnBZr85b087pHU1VuaJxfESRzAbFTskoH5TvVigpMU+fTy82HF3XhpQ79QzVWd5WAmDtDoSWCiueyKGldlo98blF9H102OAYvOJ9nA/iimeDxoh186mLRf6EELRI4zhkEY2iXafivhlg3CCavc+htwBM3VXkRHoBv+CLDdJA5SLhPcw3D5pixb9S/Bzf9wKuClPr0XKLmoH3r6b3/fJrXb+GXavigXKqyQ1igMFieLdYCV1PFnWtegclICWXDYqjkuIlSpOnq+PTTCFAw5gOy8JdpxbQ6IgEJMVmVlbZhxOTMsbnbtlHtUR9AZ9uTRAW15McHIlXdblGL9kZZLMRHWn2FVSERtNz5UCM3avAf5HxlbkvBGUW5dvaGBnlUViyJhSgGlvDs71ZGpfcpSm298y2jn4GE8BraduKxhWNFJ5RsdvWg6oDRiN9Tpv42n0B4P637oFnMDtPzZJeW0jzZ2Iz2DF/l55MMz7bBfgNUwrRryEqOZ4g7r5y3ZGjO09I1YLcpkjHzWBOUvlP5X57oFPlIvBCNbcsvKvGRRYuQaqEcxDwKnOSd03n+nNLbVdijRvbruEMlGzE2id3DU0vDH6Y16N19TUg9tzXDsIqNOYA0M5bSbqm1tGrF2/mO/lqVV1QKF7g1NL9iWLmufPsSWdNFGbeU0WdSWMFAY+3ctG1njbL9nrFmAagiGx5uODOzJNVpTwZE9/fMNMtfQH7G/BLbiK6/qGNK2w+IQQq8bQgOAfoZe6ffFkvM/zzShUQrddywsnk4XIiwX/Q6jXbI98/azMipUEYcLgvicMeCkkFz1lWf2PWPHLuEbIXDA1ZFq4zx0AfZbBrtO4C4vmn5wyYn2ImFclHA+IL5GKM+t+FWLaOnOBDmOR4Tyl3XAifDx2FlqvWjfJ89IM2BQ9zJgu6qxuYStvJdpmo6Y4TLXFWWN7TOLGxJTqEozJWlAoFRIlgAfTm6TlxWnYuVifJmBW9CVZlPjz/DCduqitgrTt9DBsQ2KMQnr3GPi5jWa79GeZdeYLVRYSSJCBEQenlmWnsB5d9L9/R6XXdD6OCh1+CmBAPWDKdVVqph7cPYYHBpjCTc7nP64cAnObPepUT1vHK0HuIa49smPkl2fX82WnYiJejBWProPI0ExCHFIB0+fmv4sAr1VQuSG3Jb5Q6Fj8uukwvGWwYcn58H1PRWXbt2iWUrZUeReOGSjFH8362NqzIXoOmuXIiM/1YCLVUOvjE7xUsVQsRINEl8CplOmF2M6S89JCyh4zbWKIUcoL68W0vin2/YxmT0+SMmV+RcWSxvu2bTfb40xt0ZqEpomcEdjn8w9GOiF3N/BmRpy61yqqsDsUx2ZQuP310aXQkK+QIuxYobHcOIepTGW1u7/renQ6
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 1a8d2782-e590-4c95-2cbf-08da92780bee
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Sep 2022 15:29:12.1485 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: k1QdJiE2Uy0w+TKXZGoQJGh/rrFqNGJ3efNYamvrVEkI7SZE74PoWCfBt3BurS23
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR02MB6181
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/Ty3xKNfRgtpKsVxiNGPFGcbaoYU>
Subject: Re: [Acme] [EXT] Re: I-D Action: draft-ietf-acme-dtnnodeid-09.txt
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Sep 2022 15:29:22 -0000

Hi Brian,

On 08/09/2022 02:58, Brian Sipos wrote:
> Stephen,
> All of your interpretations look correct to me; thank you for this
> insightful review!
> 
> I can add a paragraph to Section 1.1 "Scope" explaining what the experiment
> actually is and what it is not. I agree that the ACME validation is the
> well-understood portion and the utility of the mechanism is the actual
> experiment.

The paragraph on that added in PR#5 looks good to me.

> 
> The rationale for Section 3.5 is really to maintain parity with the
> existing ACME validation methods

Understood. But I'm not at all sure we know (now) what to say
to try achieve such parity, so this mechanism could lead down
the wrong path maybe, and we won't know 'till the experiments
are done.

For example, for many DTNs, say where there's only one g/w
that connects the challenged region(s) to the Internet (and
with ACME server on the Internet), emitting bundles from
different Internet-connected sources would not affect the
capabilities of an attacker who has control of that one g/w.
(Or of anyone close enough to the challenged side of the
g/w to be the next-hop any time they wanted to be.)

That's very different from the case with e.g. LE and DNS,
where we do know a lot more about IP routing and DNS name
resolution and how that affects the capability of on-path
attackers.

So, as written, IMO that section is premature. If you were
to recast it as jut being a thing to try out as part of the
experiment then it'd be fine I think.

Lastly - a random thought - I wonder if bundle status reports
would be the way to try provide the kind of parity you're
after here? I could imagine that an ACME server might be more
satisfied if it were able to accumulate (BIB-protected?)
reports related to the the bundles it emits for challenges
(whether from different sources or not). There'd be a bunch
of things to figure out there, but ISTM that might be a
better approach (or maybe it'd not work;-)

Cheers,
S.


> and to explain to implementations what
> assumptions to avoid (e.g., there's no longer a prior known source endpoint
> for the Challenge Bundle, keep responding until the client tells you to
> stop). Even though this is getting into more complex scenarios than the
> basic experiment of usefulness, I would like to keep the guidance in there
> for consistency of logic if someone does want to use multi-perspective. The
> whole thing is conditioned on "When required by policy ..." so it's really
> all optional.
> 
> I am going to track proposed changes as part of a github ticket [1] and, if
> you don't mind, would like to hash out any more details in that ticket and
> an eventual pull request.
> Thanks,
> Brian S.
> 
> [1] https://github.com/BrianSipos/acme-dtnnodeid/issues/4
> 
> On Sat, Sep 3, 2022 at 4:38 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
> 
>>
>> Hiya,
>>
>> Someone asked me to look at this draft, so I did:-)
>>
>> On 18/08/2022 11:13, Deb Cooley wrote:
>>> A reminder:  we need a few more eyes on this draft to move it forward.
>>
>> Overall, I think the draft is ready for experiments on which
>> nothing much (yet) depends, but not ready for deployments
>> that do need some predictable forms of security guarantee and
>> I don't think that distinction is clear enough in the draft
>> as of now. (Or, I missed it:-)
>>
>> The draft does aim to become an experimental RFC, which is
>> good, but I think would benefit from some text saying that
>> the practical security benefits from the mechanism described
>> here is most of the experiment. (IOW, the experiment here is
>> mainly about the security resulting from use of this protocol
>> and not experimentation as to whether this protocol will
>> otherwise work or not.)
>>
>> A few brief reasons for the above:
>>
>> - The emergent security properties of DTN naming and routing
>> schemes are mostly unknowns if we compare those against what
>> we know of security based on DNS and BGP (or email).
>> - DTN routing is far likelier to involve nodes that broadcast
>> or multicast or use spray-and-wait so there will be notably
>> more on-path nodes who could cheat, not all of which will be
>> "well known" (e.g. some passing data mule).
>> - Last I know of, (which is a while ago) BIB deployment was
>> still notional. That may have changed in some DTNs but I'm
>> also unaware that DTN security mechanisms like the BIB are
>> being used to secure bundles between independent DTNs.
>>
>> A not-quite-nit on the text itself: section 3.5 seems odd.
>> I'm not sure for what DTN topologies this might make sense
>> as an added security mechanism, but I'd not be surprised
>> if it provided no added benefit, if the ACME server were in
>> a well-connected region that has basically one gateway to
>> each DTN that's less well-connected. I don't know if the
>> ACME or DTN WGs considered that though, maybe they did, but
>> I'd probably delete that section as figuring out whether
>> such mechanisms add value for DTNs as they do for the DNS
>> is part of the experiment I'd guess and so it'd be a bit
>> soon to include such recommendations now.
>>
>> Cheers,
>> S.
>>
>>>
>>> Deb (and Yoav)
>>>
>>> On Thu, Jul 28, 2022 at 8:19 PM Deb Cooley <debcooley1@gmail.com> wrote:
>>>
>>>> Dear ACME,
>>>>
>>>> We need to get some eyes on this draft - draft-ietf-acme-dtnnodeid.  If
>>>> you have time, please take a look and let us know whether you think it
>> is
>>>> ready (or make comments).  We are hoping to get this draft finished!
>>>>
>>>> Deb Cooley
>>>>
>>>> On Tue, May 24, 2022 at 5:29 PM Sipos, Brian J. <Brian.Sipos@jhuapl.edu
>>>
>>>> wrote:
>>>>
>>>>> All,
>>>>>
>>>>> I haven’t seen any reviews of the last draft version -09. I hope that
>> the
>>>>> closer alignment with RFC 8823 makes its understanding and analysis
>> easier.
>>>>>
>>>>>
>>>>>
>>>>> *From:* Acme <acme-bounces@ietf.org> *On Behalf Of *Deb Cooley
>>>>> *Sent:* Tuesday, May 24, 2022 7:39 AM
>>>>> *To:* IETF ACME <acme@ietf.org>; Brian Sipos <
>> brian.sipos+ietf@gmail.com>
>>>>> *Cc:* Roman Danyliw <rdd@cert.org>; Dorothy E Cooley <
>>>>> decoole@radium.ncsc.mil>
>>>>> *Subject:* [EXT] Re: [Acme] I-D Action:
>> draft-ietf-acme-dtnnodeid-09.txt
>>>>>
>>>>>
>>>>>
>>>>> *APL external email warning: *Verify sender acme-bounces@ietf.org
>> before
>>>>> clicking links or attachments
>>>>>
>>>>>
>>>>>
>>>>> Did we ever get reviews on the updated draft?  If not, can we get some
>>>>> (or revive the) volunteers?
>>>>>
>>>>>
>>>>>
>>>>> Deb Cooley
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Mar 21, 2022 at 7:12 AM Deb Cooley <debcooley1@gmail.com>
>> wrote:
>>>>>
>>>>> It is on the agenda.  We will ask for volunteers to review.
>>>>>
>>>>>
>>>>>
>>>>> Deb
>>>>>
>>>>>
>>>>>
>>>>> On Sun, Mar 20, 2022 at 5:29 PM Roman Danyliw <rdd@cert.org> wrote:
>>>>>
>>>>> Hi!
>>>>>
>>>>>
>>>>>
>>>>> We’re past IETF LC in terms of document processing and -08 and -09
>> appear
>>>>> to have changed protocol behavior.  Since there hasn’t been any
>> discussion
>>>>> about this on the mailing list yet, I’d like to ask the WG to review
>> these
>>>>> changes (
>>>>>
>> https://www.ietf.org/rfcdiff?url1=draft-ietf-acme-dtnnodeid-07&url2=draft-ietf-acme-dtnnodeid-09
>> ).
>>>>> Please raise any objections by Friday April 1.
>>>>>
>>>>>
>>>>>
>>>>> Helpfully, this document is on the ACME meeting agenda tomorrow at IETF
>>>>> 113.
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Roman
>>>>>
>>>>>
>>>>>
>>>>> *From:* Acme <acme-bounces@ietf.org> *On Behalf Of *Brian Sipos
>>>>> *Sent:* Wednesday, March 2, 2022 11:27 PM
>>>>> *To:* IETF ACME <acme@ietf.org>
>>>>> *Subject:* Re: [Acme] I-D Action: draft-ietf-acme-dtnnodeid-09.txt
>>>>>
>>>>>
>>>>>
>>>>> All,
>>>>>
>>>>> I have posted an update to the Node ID Validation document which
>> updates
>>>>> references to now-published DTN RFCs (yay!) and adds algorithm agility
>> for
>>>>> the Key Authorization Digest to avoid the validation method being
>> stuck on
>>>>> SHA-256. It does add a publication dependency on the COSE hash
>> document,
>>>>> but that is in AUTH48 (though it's been stuck in that state for some
>> time
>>>>> now).
>>>>>
>>>>> Comments are welcome and can be discussed at the next IETF.
>>>>>
>>>>> Brian S.
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Mar 2, 2022 at 7:35 PM <internet-drafts@ietf.org> wrote:
>>>>>
>>>>>
>>>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>>>> directories.
>>>>> This draft is a work item of the Automated Certificate Management
>>>>> Environment WG of the IETF.
>>>>>
>>>>>           Title           : Automated Certificate Management Environment
>>>>> (ACME) Delay-Tolerant Networking (DTN) Node ID Validation Extension
>>>>>           Author          : Brian Sipos
>>>>>           Filename        : draft-ietf-acme-dtnnodeid-09.txt
>>>>>           Pages           : 31
>>>>>           Date            : 2022-03-02
>>>>>
>>>>> Abstract:
>>>>>      This document specifies an extension to the Automated Certificate
>>>>>      Management Environment (ACME) protocol which allows an ACME server
>> to
>>>>>      validate the Delay-Tolerant Networking (DTN) Node ID for an ACME
>>>>>      client.  The DTN Node ID is encoded as a certificate Subject
>>>>>      Alternative Name (SAN) of type otherName with a name form of
>>>>>      BundleEID and as an ACME Identifier type "bundleEID".
>>>>>
>>>>>
>>>>> The IETF datatracker status page for this draft is:
>>>>> https://datatracker.ietf.org/doc/draft-ietf-acme-dtnnodeid/
>>>>>
>>>>> There is also an HTML version available at:
>>>>> https://www.ietf.org/archive/id/draft-ietf-acme-dtnnodeid-09.html
>>>>>
>>>>> A diff from the previous version is available at:
>>>>> https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-dtnnodeid-09
>>>>>
>>>>>
>>>>> Internet-Drafts are also available by rsync at rsync.ietf.org:
>>>>> :internet-drafts
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Acme mailing list
>>>>> Acme@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/acme
>>>>>
>>>>> _______________________________________________
>>>>> Acme mailing list
>>>>> Acme@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/acme
>>>>>
>>>>>
>>>
>>>
>>> _______________________________________________
>>> Acme mailing list
>>> Acme@ietf.org
>>> https://www.ietf.org/mailman/listinfo/acme
>>
>

v2.23.0 | Report a Bug | By Email