Re: [Acme] RFC 8823 email-reply-00: How to concatenate the tokens?
Richard Körber <acme2@ml.shredzone.de> Sat, 05 June 2021 14:35 UTC
Return-Path: <acme2@ml.shredzone.de>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C876A3A2501 for <acme@ietfa.amsl.com>; Sat, 5 Jun 2021 07:35:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=i7o.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WS1LZenbD0wT for <acme@ietfa.amsl.com>; Sat, 5 Jun 2021 07:35:55 -0700 (PDT)
Received: from i7o.de (i7o.de [95.216.117.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF5ED3A2507 for <acme@ietf.org>; Sat, 5 Jun 2021 07:35:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=i7o.de; s=dkim_1; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version: Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Wy7hhrtXi+fUYON0Upl8U8KBPmXv/iAZgeEU9XIo/Cw=; b=R2CUtJ2Qdt262Cg3uVdW20hGa8 GB+2jobiJtsC1KM2za9/La7WICYNg5corznXgpCKI+o2XiaHKMWvuLTR+on4zYqe1HNTvBg/NWsHp mC8kxl8vNNvpWr+wLqi/MM7rTB8EuOYKW/p8G5xf75LSSH2y4Cj3l5rdb2uGDtFIFo7k=;
Received: from p5ddd7e3a.dip0.t-ipconnect.de ([93.221.126.58] helo=[192.168.0.17]) by i7o.de with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.3) (envelope-from <acme2@ml.shredzone.de>) id 1lpXOy-0005KI-01 for acme@ietf.org; Sat, 05 Jun 2021 16:35:52 +0200
To: acme@ietf.org
References: <a7b2cdea-53a0-2cd9-f07a-07f069d792a5@i7o.de> <003801d75a15$dae60640$90b212c0$@sebbe.eu>
From: Richard Körber <acme2@ml.shredzone.de>
Message-ID: <9dc59324-80db-a89b-509c-c81be5a89ed7@i7o.de>
Date: Sat, 05 Jun 2021 16:35:51 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1
MIME-Version: 1.0
In-Reply-To: <003801d75a15$dae60640$90b212c0$@sebbe.eu>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/VnG5NwfGAfmRxyLOwM_35iwceX4>
Subject: Re: [Acme] RFC 8823 email-reply-00: How to concatenate the tokens?
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Jun 2021 14:36:00 -0000
> Rather, you should decode both token-parts, then concatenate the result, and use the result (as a byte array) to do the key-authorization calculation.
RFC 8555 Section 8.1 says:
A key authorization is a string that
concatenates the token for the challenge with a key fingerprint,
separated by a "." character:
keyAuthorization = token || '.' || base64url(Thumbprint(accountKey))
It further says that "the token for a challenge is a string comprised
entirely of characters in the URL-safe base64 alphabet. The "||"
operator indicates concatenation of strings."
So the computation of the key authorization is a purely string-based
operation. I cannot use the decoded and concatenated byte array for it.
Best,
Richard Körber
- [Acme] RFC 8823 email-reply-00: How to concatenat… Richard Körber
- Re: [Acme] RFC 8823 email-reply-00: How to concat… Sebastian
- Re: [Acme] RFC 8823 email-reply-00: How to concat… Richard Körber