Re: [Acme] [Technical Errata Reported] RFC8555 (6364)

Aaron Gable <aaron@letsencrypt.org> Thu, 04 January 2024 16:03 UTC

Adding "or false" to the existing sentence seems correct to me, as a
technical erratum.

Adding the sentence regarding pre-authorizations is purely editorial; there
is already text elsewhere in the document which makes that clear.

Aaron

On Thu, Jan 4, 2024 at 3:32 AM Deb Cooley <debcooley1@gmail.com> wrote:

> Today's Errata....  This looks editorial to me.  Opinions?
>
> Deb
>
> On Wed, Dec 23, 2020 at 11:22 AM RFC Errata System <
> rfc-editor@rfc-editor.org> wrote:
>
>> The following errata report has been submitted for RFC8555,
>> "Automatic Certificate Management Environment (ACME)".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid6364
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Evangelos Karatsiolis <ekaratsiolis@mtg.de>
>>
>> Section: 7.1.4
>>
>> Original Text
>> -------------
>>    wildcard (optional, boolean):  This field MUST be present and true
>>       for authorizations created as a result of a newOrder request
>>       containing a DNS identifier with a value that was a wildcard
>>       domain name.  For other authorizations, it MUST be absent.
>>       Wildcard domain names are described in Section 7.1.3.
>>
>> Corrected Text
>> --------------
>>    wildcard (optional, boolean):  This field MUST be present and true
>>       for authorizations created as a result of a newOrder request
>>       containing a DNS identifier with a value that was a wildcard
>>       domain name.  For other authorizations, it MUST be absent or
>>       false.  For pre-authorizations, it MUST be absent or false.
>>       Wildcard domain names are described in Section 7.1.3.
>>
>> Notes
>> -----
>> This section states that the wildcard field must be absent for other
>> authorizations, but the example in this section has an explicitly set
>> wildcard field with value false. The proposed change allows both options,
>> either omitting it or explicitly setting it to false. Also a sentence has
>> been added to explicitly describe the behavior for pre-authorizations.
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC8555 (draft-ietf-acme-acme-18)
>> --------------------------------------
>> Title               : Automatic Certificate Management Environment (ACME)
>> Publication Date    : March 2019
>> Author(s)           : R. Barnes, J. Hoffman-Andrews, D. McCarney, J.
>> Kasten
>> Category            : PROPOSED STANDARD
>> Source              : Automated Certificate Management Environment
>> Area                : Security
>> Stream              : IETF
>> Verifying Party     : IESG
>>
>> _______________________________________________
>> Acme mailing list
>> Acme@ietf.org
>> https://www.ietf.org/mailman/listinfo/acme
>>
>
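The rule under discussion, sketched as a client-side check (an added example, not part of the thread or of RFC 8555): it applies both the original reading of Section 7.1.4 ("MUST be absent") and the reading proposed in erratum 6364 ("absent or false") to an authorization object. The function name, its parameters, and the sample objects are constructed for illustration.

```python
import json

def check_wildcard_field(authz, requested_wildcard, allow_explicit_false=True):
    """Return a list of problems with the 'wildcard' field of an ACME
    authorization object (hypothetical helper, not a library API).

    requested_wildcard: True if the newOrder identifier was '*.<domain>'.
        Pass False for pre-authorizations (newAuthz).
    allow_explicit_false: True applies the erratum 6364 text (absent or
        false); False applies the original text (absent only).
    """
    problems = []
    value = authz.get("identifier", {}).get("value", "")
    # Section 7.1.3: the returned identifier never carries the "*." prefix.
    if value.startswith("*."):
        problems.append("identifier value must not include the '*.' prefix")

    present = "wildcard" in authz
    flag = authz.get("wildcard")
    # The field is declared boolean; "false" as a string is truthy in many
    # languages and must not be accepted as a stand-in.
    if present and not isinstance(flag, bool):
        problems.append("wildcard must be a JSON boolean")
        return problems

    if requested_wildcard:
        if flag is not True:
            problems.append("wildcard must be present and true")
    elif flag is True:
        problems.append("wildcard must not be true for this identifier")
    elif present and not allow_explicit_false:
        problems.append("original text: wildcard must be absent")
    return problems

# Constructed sample with an explicit "wildcard": false, the case the
# erratum notes describe for the example in Section 7.1.4.
SAMPLE_AUTHZ = json.loads("""
{"status": "valid",
 "identifier": {"type": "dns", "value": "www.example.org"},
 "wildcard": false}
""")

if __name__ == "__main__":
    print("erratum text :", check_wildcard_field(SAMPLE_AUTHZ, False))
    print("original text:", check_wildcard_field(SAMPLE_AUTHZ, False, False))
```

Under the original wording the sample object is non-conformant; under the corrected wording it passes, while a missing or non-boolean field on a wildcard authorization is still flagged.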