Re: [Acme] [Technical Errata Reported] RFC8555 (5771)
Jacob Hoffman-Andrews <jsha@eff.org> Tue, 02 July 2019 17:45 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/VQxhJAQb6Pez2yRgPSN2AjGvRow>
I'm in favor of this change in spirit, but it's pretty substantive and will actually do the wrong thing with some existing deployments. For instance, https://acme-v02.api.letsencrypt.org/directory currently has:

  Cache-Control: max-age=0, no-cache, no-store

Which under this language would require clients to refetch the directory before every request. Definitely Let's Encrypt should fix that, but given that RFCs are meant to reflect "rough consensus and running code," I'm reluctant to make such a potentially breaking change to running code in an errata.

I also feel a little uneasy at adding a MUST that is currently violated by every implementation that exists.
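As an added illustration (not part of the original message, and not code from any ACME client), the sketch below applies standard HTTP private-cache rules to a directory response's Cache-Control value, assuming that is what the proposed errata text would require of clients. The function names and the two contrast header values are constructed for the example.

```python
import re

# One directive: a token, optionally "=" followed by a token or a quoted-string.
_DIRECTIVE = re.compile(r'([\w!#$%&\'*+.^`|~-]+)(?:\s*=\s*(?:"([^"]*)"|([^,\s]+)))?')

def parse_cache_control(value):
    """Return {lower-cased directive name: argument or None}."""
    out = {}
    for m in _DIRECTIVE.finditer(value or ""):
        arg = m.group(2) if m.group(2) is not None else m.group(3)
        out[m.group(1).lower()] = arg
    return out

def directory_action(cache_control, age_seconds):
    """Decide what a client-side cache may do with a stored ACME directory.

    Returns ("reuse" | "refetch", reason). Any no-cache directive is treated
    conservatively as "revalidate before every use".
    """
    d = parse_cache_control(cache_control)
    if "no-store" in d:
        return "refetch", "no-store: the response must not be kept at all"
    if "no-cache" in d:
        return "refetch", "no-cache: stored copy needs revalidation before every use"
    max_age = d.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return "refetch", "no usable max-age: no explicit freshness lifetime"
    if age_seconds < int(max_age):
        return "reuse", f"fresh for another {int(max_age) - age_seconds}s"
    return "refetch", "max-age elapsed: stored copy is stale"

# First value is the header quoted in the message; the others are constructed.
SAMPLES = [
    ("max-age=0, no-cache, no-store", 0),
    ("public, max-age=3600", 120),   # constructed
    ('Max-Age="60"', 61),            # constructed
]

if __name__ == "__main__":
    for value, age in SAMPLES:
        print(f"{value!r:36} age={age:<4} -> {directory_action(value, age)}")
```

With the header quoted in the message, every one of its three directives independently forces a refetch, so no directory age ever yields "reuse".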