Re: [Acme] Éric Vyncke's No Objection on draft-ietf-acme-ip-07: (with COMMENT)

Roland Shoemaker <roland@letsencrypt.org> Tue, 01 October 2019 17:24 UTC

From: Roland Shoemaker <roland@letsencrypt.org>
In-Reply-To: <156987778023.452.3991363499690423133.idtracker@ietfa.amsl.com>
Date: Tue, 01 Oct 2019 10:24:13 -0700
Cc: The IESG <iesg@ietf.org>, draft-ietf-acme-ip@ietf.org, Daniel McCarney <cpu@letsencrypt.org>, acme-chairs@ietf.org, acme@ietf.org
Message-Id: <308168A7-0417-46B4-9F15-B155FFD7DEAE@letsencrypt.org>
References: <156987778023.452.3991363499690423133.idtracker@ietfa.amsl.com>
To: Éric Vyncke <evyncke@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/YPvBl28tYsfooM4wAudMxVtj7ag>
Subject: Re: [Acme] Éric Vyncke's No Objection on draft-ietf-acme-ip-07: (with COMMENT)
List-Id: Automated Certificate Management Environment <acme.ietf.org>

Hey Éric,

Thanks for the review. To answer your two questions:

1. Assuming you are referring to the “type” field of the standard ACME identifier object, the use of “ip” was thought to be a bit more verbose as to what the identifier contained vs. “address”. There could be some confusion with using “address” about what kind of address this was, especially since certain types of certificates (i.e. OV and EV) can contain physical mailing addresses etc.
2. Allowing only /32 or /128 was mainly just to allow reuse of the existing challenge types from RFC 8555. Adding randomized selection from larger ranges would be possible but would really require completely new challenge types as the modifications that would need to be made (and the specification of the randomized processes etc) would alter the existing challenges too much. There was also no user demand when we first started working on this for anything other than validating individual addresses. If we see demand in the future I think new challenge types would make for a nice short extension to the existing specification.

Thanks,
Roland

> On Sep 30, 2019, at 2:09 PM, Éric Vyncke via Datatracker <noreply@ietf.org> wrote:
> 
> Éric Vyncke has entered the following ballot position for
> draft-ietf-acme-ip-07: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-acme-ip/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Short and useful document: thank you for writing it.
> 
> No need to reply to my two questions, but I would appreciate your answers:
> 1) why use a tag "ip" rather than "address"?
> 2) unsure whether it is doable, but why allow only /32 or /128 addresses? A
> server can listen to a /64 (for some specific applications), so requesting a
> /64 via ACME would be useful (the challenge could be done via a random address out
> of this /64, for example)
> 
> Regards
> 
> -éric
> 
>
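The exchange above settles two things for an ACME server implementer: the identifier type is "ip", and its value is one address (a /32 or /128), never a prefix, so the unmodified http-01 and tls-alpn-01 challenges from RFC 8555 can be reused. The following is an added example of the server-side identifier check this implies; it is not code from the thread, the draft, or Let's Encrypt's implementation. Beyond what the email states, it assumes the rules of RFC 8738 (the published form of draft-ietf-acme-ip): the value must be the canonical textual form of the address, and only http-01 and tls-alpn-01 are offered for IP identifiers (dns-01 is not). The wildcard handling for "dns" identifiers follows RFC 8555. Function names and the sample newOrder payload are constructed for the example.

```python
import ipaddress
import json

# Challenge types a server may offer per identifier type.
# "dns" row: RFC 8555. "ip" row: RFC 8738 reuses http-01 and tls-alpn-01 only
# (assumption beyond the thread, which says only that existing types are reused).
CHALLENGES_BY_TYPE = {
    "dns": ("http-01", "dns-01", "tls-alpn-01"),
    "ip": ("http-01", "tls-alpn-01"),
}


class IdentifierError(ValueError):
    """Raised for an identifier the server must reject (ACME 'malformed' / 'rejectedIdentifier')."""


def validate_ip_identifier(value) -> str:
    """Accept exactly one IPv4 (/32) or IPv6 (/128) address and return its canonical text form.

    Rejects prefixes/ranges (the /64 case raised in the thread), zone indices,
    and non-canonical spellings such as upper-case hex or leading zeros.
    """
    if not isinstance(value, str) or not value:
        raise IdentifierError("ip identifier value must be a non-empty string")
    if "/" in value:
        raise IdentifierError("prefixes are not allowed; one address per identifier")
    if "%" in value:
        raise IdentifierError("zone indices are not allowed in an ip identifier")
    try:
        addr = ipaddress.ip_address(value)
    except ValueError as exc:
        raise IdentifierError(f"not an IP address: {value!r}") from exc
    # Assumption (RFC 8738): the value must already be in canonical textual form
    # (RFC 5952 for IPv6), so we reject rather than silently normalize.
    if str(addr) != value:
        raise IdentifierError(f"non-canonical form {value!r}; expected {str(addr)!r}")
    return str(addr)


def is_valid_ip_identifier(value) -> bool:
    """Boolean wrapper around validate_ip_identifier for callers that only need accept/reject."""
    try:
        validate_ip_identifier(value)
    except IdentifierError:
        return False
    return True


def validate_dns_identifier(value) -> str:
    """Minimal "dns" identifier check: non-empty lower-case hostname, optional leading wildcard label."""
    if not isinstance(value, str) or not value:
        raise IdentifierError("dns identifier value must be a non-empty string")
    host = value.lower()
    bare = host[2:] if host.startswith("*.") else host
    if not bare or "*" in bare or "/" in bare or " " in bare:
        raise IdentifierError(f"not a usable hostname: {value!r}")
    return host


def challenges_for_order(order_json: str) -> dict:
    """Parse a newOrder payload and map each accepted identifier value to the challenges offered."""
    order = json.loads(order_json)
    offered = {}
    for ident in order.get("identifiers", []):
        itype, value = ident.get("type"), ident.get("value")
        if itype == "ip":
            offered[validate_ip_identifier(value)] = CHALLENGES_BY_TYPE["ip"]
        elif itype == "dns":
            host = validate_dns_identifier(value)
            # RFC 8555: a wildcard name can only be validated with dns-01.
            offered[host] = ("dns-01",) if host.startswith("*.") else CHALLENGES_BY_TYPE["dns"]
        else:
            raise IdentifierError(f"unsupported identifier type {itype!r}")
    return offered


# Constructed sample newOrder payload (RFC 8555 Section 7.4 shape), not a captured request.
SAMPLE_ORDER = json.dumps({
    "identifiers": [
        {"type": "ip", "value": "192.0.2.10"},
        {"type": "ip", "value": "2001:db8::1"},
        {"type": "dns", "value": "example.com"},
        {"type": "dns", "value": "*.example.com"},
    ]
})

if __name__ == "__main__":
    for ident, challenges in challenges_for_order(SAMPLE_ORDER).items():
        print(f"{ident}: {', '.join(challenges)}")
    for rejected in ("2001:db8::/64", "192.0.2.0/24", "2001:DB8::1", "fe80::1%eth0"):
        print(f"{rejected}: accepted={is_valid_ip_identifier(rejected)}")
```

The point of the canonical-form check is that an ACME server compares identifier values across the order, the authorization and the issued certificate's SAN; accepting "2001:DB8::1" for one and "2001:db8::1" for another invites mismatches, so rejecting non-canonical input up front is simpler than normalizing everywhere.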