IETF Logo Mail Archive

Re: [Acme] FW: [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt

Seo Suchan <tjtncks@gmail.com> Wed, 12 July 2023 19:29 UTC

Return-Path: <tjtncks@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCF52C14CE46 for <acme@ietfa.amsl.com>; Wed, 12 Jul 2023 12:29:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.496
X-Spam-Level:
X-Spam-Status: No, score=-5.496 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ji89p3l7yB0F for <acme@ietfa.amsl.com>; Wed, 12 Jul 2023 12:29:26 -0700 (PDT)
Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C71B7C14CEFF for <acme@ietf.org>; Wed, 12 Jul 2023 12:29:26 -0700 (PDT)
Received: by mail-pf1-x42f.google.com with SMTP id d2e1a72fcca58-668730696a4so4242599b3a.1 for <acme@ietf.org>; Wed, 12 Jul 2023 12:29:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1689190166; x=1691782166; h=in-reply-to:from:content-language:references:to:subject:user-agent :mime-version:date:message-id:from:to:cc:subject:date:message-id :reply-to; bh=dpLT0Fd6oU7+PaOqsmUOYDQuwezh93vlW7rV5f44Hd0=; b=Fz8bFWWzrrZX13FYF8ZCiruVWhWjJ8vQlwf62/clBQYfS5aIfivq4K6cvNeCKYMcPR SbvgAaFstgc93nDrnyhjkYUBgiz0TyBthWVit39dKOAOweKLpD1dTYRqXMCB/1Y+kUbS A0/RrzEEvK+Tl7vFddYkcvh3yQzzCzp4AoAH8/eFmSIxDZbshpVv7+xjxfpfc2pS8SEl C4kDH9m1U6KxdjeZVMURRn5vqtr/+QDoI/uZb9BhdnEYQ8kCMWG2F3r4lyx/1vLys2WJ +ZkeMQW1h+hsPP/EGlmQ7AlRFI/BoPy3xu8lgRcm0h5jwTwzIEOwmiL3Fb/dgai5u14v U8Lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689190166; x=1691782166; h=in-reply-to:from:content-language:references:to:subject:user-agent :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=dpLT0Fd6oU7+PaOqsmUOYDQuwezh93vlW7rV5f44Hd0=; b=Rpi2r9Rv87NJYx9sDYQPB/eYB5ApSM0e6JtGvXa5Snw3tiJjUdWsy0BRt2Kps1/2/S HukedNX+XxHtS6CuhJq2EtiydoLQ723ivU9VhQkQVcHbVq0DosRnAQaBt8k2Z5wCCMjB 47d/hltNocm0fxosku/w9MyldSHKUS+pC+an0G3S4+YdK8sO2PILnA0q1nf+Zkya9Umj k/CZROZIvCsQHxCxgocTwt9mvNHqdns6HnFz+T10eAw3ai8NSQ0iLOISFuFXMfoeBoo7 zFHPWn7bgvU6Lsv499RqIeTt+UZmYMs1HUHMXa74E7Yhsu4LmCW9YFLV8C/H2C2T6nXn c0Vw==
X-Gm-Message-State: ABy/qLbA/p63MYYpkat3ohoCDqANMhRCPhlWRnya7173a47K0lXH8n2m WocE7OFk7oG+TmXGaCvKg7HdA/Ti5yBIsA==
X-Google-Smtp-Source: APBJJlGVWuSmOSXY1KaOosFgWTa+zvG6T8WAnwQxMk2532b67lTku1GGiRSYusBLweKMUBl1twKJjg==
X-Received: by 2002:a05:6a20:605:b0:12d:1d8f:6af8 with SMTP id 5-20020a056a20060500b0012d1d8f6af8mr13888605pzl.18.1689190165807; Wed, 12 Jul 2023 12:29:25 -0700 (PDT)
Received: from ?IPV6:2406:5900:1038:1000:74ee:ba4b:cbe2:5949? ([2406:5900:1038:1000:74ee:ba4b:cbe2:5949]) by smtp.gmail.com with ESMTPSA id d7-20020aa78147000000b0067ea048cf83sm3923272pfn.186.2023.07.12.12.29.24 for <acme@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 12 Jul 2023 12:29:25 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------pSKdxlQU96000XbWVFm9YNtZ"
Message-ID: <bcd25ad2-98aa-6af5-4b3c-4b156dfc31a6@gmail.com>
Date: Thu, 13 Jul 2023 04:29:23 +0900
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0
To: acme@ietf.org
References: <168865435873.61106.2850041921157081937@ietfa.amsl.com> <CH0PR11MB5739FDB26BF675925C449AA69F2CA@CH0PR11MB5739.namprd11.prod.outlook.com> <c940e1f9-8dde-f116-fa7b-d7519c1b3cc7@gmail.com> <LV2PR11MB5975448E7C35FC1335F8B474F82DA@LV2PR11MB5975.namprd11.prod.outlook.com> <6628ae69-f61b-3165-3efa-7d4768e19b62@gmail.com> <D07CAC42-135C-42DA-A9A2-422B7757B448@akamai.com> <CAMEWqGskfMfcttcUTLG-3uLSQNnc+iYcWZuypCZHiETewEsG=g@mail.gmail.com> <LV2PR11MB59757256A049E053B1182D1DF836A@LV2PR11MB5975.namprd11.prod.outlook.com> <SN7PR14MB64926F791C50EDDFCF4291328336A@SN7PR14MB6492.namprd14.prod.outlook.com> <LV2PR11MB59755B54227729113733FCD4F836A@LV2PR11MB5975.namprd11.prod.outlook.com> <SN7PR14MB649214DD146349C3EB3972958336A@SN7PR14MB6492.namprd14.prod.outlook.com> <LV2PR11MB5975530883304B857A325824F836A@LV2PR11MB5975.namprd11.prod.outlook.com>
Content-Language: en-US
From: Seo Suchan <tjtncks@gmail.com>
In-Reply-To: <LV2PR11MB5975530883304B857A325824F836A@LV2PR11MB5975.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/U-qaRy7NbhFONwC6k5CNcU8-dU8>
Subject: Re: [Acme] FW: [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jul 2023 19:29:30 -0000

I think make priority descending order removes such headache: default is 
0 and so it has lowest priority than any other integer, make no reason 
to treat 0 exceptionally.


2023-07-13 오전 3:34에 Paul van Brouwershaven 이(가) 쓴 글:
> I have to agree that 0 is not a positive integer and reverted the 
> prior change:
>
> /> In the case that this parameter is not specified*_or contains the 
> value "0"_*, the entry will be considered to have a lower priority 
> than all entries which specify any priority./
> /
> /
> So, setting "0" would invalidate the parameter, causing the ACME 
> client to ignore the CAA record all together.
>
> Does this also make sense to you Q?
>
> ------------------------------------------------------------------------
> *From:* Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>
> *Sent:* Wednesday, July 12, 2023 19:32
> *To:* Paul van Brouwershaven <Paul.vanBrouwershaven@entrust.com>; Q 
> Misell <q@as207960.net>
> *Cc:* acme@ietf.org <acme@ietf.org>
> *Subject:* RE: [Acme] FW: [EXTERNAL] New Version Notification for 
> draft-vanbrouwershaven-acme-auto-discovery-00.txt
>
> If priority is defined as a positive integer (which makes sense to 
> me), then zero is an error, yes.
>
> If it’s desirable to have a “no priority” value, then zero might be a 
> reasonable choice for such a value.  But it’s hard to reason about 
> whether “no priority” is higher or lower than items that do have 
> priorities, so I think “no priority” adds additional complexity that 
> should not be added unnecessarily.  I think it’s simpler to stick to a 
> single, ordered list of priority numbers, and ordinal numbers (a.k.a 
> positive integers) are the best way to express that.
>
> -Tim
>
> *From:* Paul van Brouwershaven 
> <Paul.vanBrouwershaven=40entrust.com@dmarc.ietf.org>
> *Sent:* Wednesday, July 12, 2023 1:01 PM
> *To:* Tim Hollebeek <tim.hollebeek@digicert.com>; Q Misell 
> <q@as207960.net>
> *Cc:* acme@ietf.org
> *Subject:* Re: [Acme] FW: [EXTERNAL] New Version Notification for 
> draft-vanbrouwershaven-acme-auto-discovery-00.txt
>
> > Anyone who argues that zero is a positive integer should be referred 
> to the standard math textbook of positive.  Zero is a non-negative 
> integer, but I’m not aware of any definition of “positive” that makes 
> it a positive integer.
>
> Do you argue that "0" should be threatened as an error instead of 
> equal to no priority?
>
> ------------------------------------------------------------------------
>
> *From:*Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>
> *Sent:* Wednesday, July 12, 2023 6:43:21 PM
> *To:* Paul van Brouwershaven <Paul.vanBrouwershaven@entrust.com>; Q 
> Misell <q@as207960.net>
> *Cc:* acme@ietf.org <acme@ietf.org>
> *Subject:* RE: [Acme] FW: [EXTERNAL] New Version Notification for 
> draft-vanbrouwershaven-acme-auto-discovery-00.txt
>
> Anyone who argues that zero is a positive integer should be referred 
> to the standard math textbook of positive.  Zero is a non-negative 
> integer, but I’m not aware of any definition of “positive” that makes 
> it a positive integer.
>
> Also, ignoring failures in CAA records is probably not the right 
> answer.  CAA should fail closed, not open.
>
> -Tim
>
> *From:* Acme <acme-bounces@ietf.org> *On Behalf Of *Paul van Brouwershaven
> *Sent:* Wednesday, July 12, 2023 9:52 AM
> *To:* Q Misell <q@as207960.net>
> *Cc:* acme@ietf.org
> *Subject:* Re: [Acme] FW: [EXTERNAL] New Version Notification for 
> draft-vanbrouwershaven-acme-auto-discovery-00.txt
>
> Hi Q,
>
> Thanks, this is great and really helpful!
>
>     Is priority=0 an error coditition, some might argue 0 is a
>     positive integer?
>
> Any suggestion? maybe we should simply start counting at 0 instead of 1
>
>     What about discovery=foobar?
>
> "foobar" is not a Boolean, the text is clear that this parameter MUST 
> be a Boolean, so this should invalidate the parameter.
>
>     Should the client ignore invalid issue records and process the
>     rest, or fail outright?
>
> We should ignore the failure of a single CAA record and continue with 
> the next, similar to when the client encounters ACME errors.
>
> I will clarify this with the following change:
>
>     /The ACME client analyzes the CAA records - > The ACME client
>     analyzes the *_valid _*CAA records /
>
> It looks like you implemented discovery as a pre-condition while 3.1.1 
> specifies:
>
>     /When this parameter is not specified the client MUST assume that
>     discovery is enabled./
>
> There is however a comment in the examples that this behavior might 
> need to change if deemed necessary.
>
> Paul
>
> ------------------------------------------------------------------------
>
> *From:*Q Misell <q@as207960.net>
> *Sent:* Wednesday, July 12, 2023 15:06
> *To:* Paul van Brouwershaven <Paul.vanBrouwershaven@entrust.com>
> *Cc:* acme@ietf.org <acme@ietf.org>
> *Subject:* Re: [Acme] FW: [EXTERNAL] New Version Notification for 
> draft-vanbrouwershaven-acme-auto-discovery-00.txt
>
> Hi all,
>
> I happened to be poking around the certbot codebase today and decided 
> to try and implement this draft.
>
> It turned out to be a much simpler task than I had expected, however I 
> felt the draft was a bit lacking in details for what the ACME client 
> should consider an error.
>
> For example:
>
>   * Is priority=0 an error coditition, some might argue 0 is a
>     positive integer?
>   * What about discovery=foobar?
>   * Should the client ignore invalid issue records and process the
>     rest, or fail outright?
>
> My fork of certbot with the implementation is available at 
> https://github.com/as207960/certbot/tree/auto-discovery 
> <https://urldefense.com/v3/__https:/github.com/as207960/certbot/tree/auto-discovery__;!!FJ-Y8qCqXTj2!cZZsOZ0v5-kwi0u2XFbPWT2ddKQUeoKDOKjmTA0uStA0dZuwoAFoA5bphSBDyICkcF08SK8ddsv-a3_g84d3UvJ3$>.
>
> Thanks,
>
> Q
>
> ------------------------------------------------------------------------
>
> Any statements contained in this email are personal to the author and 
> are not necessarily the statements of the company unless specifically 
> stated. AS207960 Cyfyngedig, having a registered office at 13 
> Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca 
> Digital, is a company registered in Wales under № 12417574 
> <https://urldefense.com/v3/__https:/find-and-update.company-information.service.gov.uk/company/12417574__;!!FJ-Y8qCqXTj2!cZZsOZ0v5-kwi0u2XFbPWT2ddKQUeoKDOKjmTA0uStA0dZuwoAFoA5bphSBDyICkcF08SK8ddsv-a3_g8-o0EXCj$>, 
> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 
> <https://urldefense.com/v3/__https:/ico.org.uk/ESDWebPages/Entry/ZA782876__;!!FJ-Y8qCqXTj2!cZZsOZ0v5-kwi0u2XFbPWT2ddKQUeoKDOKjmTA0uStA0dZuwoAFoA5bphSBDyICkcF08SK8ddsv-a3_g86EYmrmH$>. 
> UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 
> 0861333524. South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, 
> having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni 
> küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company 
> registered in Estonia under № 16755226. Estonian VAT №: EE102625532. 
> Glauca Digital and the Glauca logo are registered trademarks in the 
> UK, under № UK00003718474 and № UK00003718468, respectively.
>
> On Fri, 7 Jul 2023 at 14:32, Salz, Rich 
> <rsalz=40akamai.com@dmarc.ietf.org> wrote:
>
>       * how about ratelimit? for large hosting they will hit CA's
>         default API ratelimit fast
>
>     The HTTPAPI working group is working on standard HTTP headers for
>     specifying rate limits.  See
>
>     https://datatracker.ietf.org/doc/draft-ietf-httpapi-ratelimit-headers/
>     <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ietf-httpapi-ratelimit-headers/__;!!FJ-Y8qCqXTj2!cZZsOZ0v5-kwi0u2XFbPWT2ddKQUeoKDOKjmTA0uStA0dZuwoAFoA5bphSBDyICkcF08SK8ddsv-a3_g81_OWtQS$>
>
>     _______________________________________________
>     Acme mailing list
>     Acme@ietf.org
>     https://www.ietf.org/mailman/listinfo/acme
>     <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/acme__;!!FJ-Y8qCqXTj2!cZZsOZ0v5-kwi0u2XFbPWT2ddKQUeoKDOKjmTA0uStA0dZuwoAFoA5bphSBDyICkcF08SK8ddsv-a3_g8yXgZATe$>
>
> /Any email and files/attachments transmitted with it are intended 
> solely for the use of the individual or entity to whom they are 
> addressed. If this message has been sent to you in error, you must not 
> copy, distribute or disclose of the information it contains. _Please 
> notify Entrust immediately and delete the message from your system._/
>
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme

v2.23.0 | Report a Bug | By Email