Re: [Acme] Remove the hyphen from the acceptable character set for _acme-challenge TXT records.

Matt Holt <matt@lightcodelabs.com> Wed, 25 November 2020 21:30 UTC

Date: Wed, 25 Nov 2020 14:29:24 -0700
From: Matt Holt <matt@lightcodelabs.com>
To: Mark@mimocad.io
Cc: acme@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/YsPYi0CzGCJ1VBADYPMNfDzk_n4>

I believe this kind of request should go to the app within which the copying is done, not the ACME spec. Ultimately, the vision of ACME is to automate certificate management and to do away with any need for manual copy and paste, so in my opinion changing the spec to bend to a manual workflow seems counter-productive.

Matt

---- On Wed, 25 Nov 2020 14:19:36 -0700 Mark@mimocad.io wrote ----

Hello everyone,

I have a bit of a feature request for you all. It's actually to remove the hyphen from the TXT records to make it easier to copy and paste into a DNS server record. Here's my scenario. I ran the following command on my server (Ubuntu 20.04) that as you can see has certbot on it and a large number of domains to cover.

certbot certonly --manual --preferred-challenges=dns --email Mark@MimoCAD.io --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d mimocad.io -d *.mimocad.io -d stonybrookems.io -d *.stonybrookems.io -d stonybrookems.com -d *.stonybrookems.com -d stonybrookems.net -d *.stonybrookems.net -d stonybrookems.org -d *.stonybrookems.org -d wlvac.com -d *.wlvac.com -d wlvac.net -d *.wlvac.net -d wlvac.org -d *.wlvac.org -d wlvacems.com -d *.wlvacems.com -d wlvacems.net -d *.wlvacems.net -d wlvacems.org -d *.wlvacems.org -d mimosdr.com -d *.mimosdr.com -d mimosdr.net -d *.mimosdr.net -d mimosdr.org -d *.mimosdr.org

While running that command I would get an output like the following...

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.mimocad.io with the following value:

6-K6v7VjtVpGhJk4d6Zx8qxsg6JFUZbGnnr-bDpKpSc

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Normal and expected behavior, yes. My issue is with the hyphen character.

From my client machine macOS 11.0.1 when I'm copying DNS records with a double click of the string it stops at spaces appropriately but it stops at hyphens also. In essence, the expected operation of capturing the whole string inside of the select via double click does not work. This behavior is certainly produced in my environment and I would think in others as well. Try it yourself and see what happens! My request is that we simply discourage or disallow the use of the hyphen in the _acme-challenge TXT records as it offers poor usability for the accurate copy of these long complex strings from the console output into the DNS server.

Thank you for your time,
Respectfully.
--
Mark Tomlin, CEO.
MimoCAD Inc.
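
An added example, not part of either message: under RFC 8555 section 8.4 the dns-01 TXT value is the unpadded base64url encoding of a SHA-256 digest, so it is always 43 characters drawn from an alphabet that includes the hyphen. The sketch below derives such a value and checks a hand-pasted record against the expected one, flagging the double-click truncation described in the thread; the function names and the sample token and thumbprint are hypothetical, and the expected value is the one quoted from the certbot output above.

```python
import base64
import hashlib
import re

# RFC 8555 section 8.4: unpadded base64url of a 32-byte SHA-256 digest,
# i.e. exactly 43 characters from A-Z a-z 0-9 '-' '_'.
TXT_VALUE_RE = re.compile(r"[A-Za-z0-9_-]{43}")

# Value quoted in the certbot output in the message above.
PAGE_VALUE = "6-K6v7VjtVpGhJk4d6Zx8qxsg6JFUZbGnnr-bDpKpSc"

# Constructed sample inputs (not real ACME data).
SAMPLE_TOKEN = "constructed-token-for-illustration"
SAMPLE_THUMBPRINT = "constructed-account-key-thumbprint"


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT value = base64url(SHA-256(token || '.' || thumbprint))."""
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return b64url(digest)


def check_pasted_value(expected: str, pasted: str) -> str:
    """Classify a hand-pasted TXT value before asking the CA to validate."""
    pasted = pasted.strip().strip('"')  # zone files often quote TXT data
    if pasted == expected:
        return "ok"
    # Double-click selection stops at '-', leaving one hyphen-free segment.
    if pasted and pasted in expected.split("-"):
        return "truncated-at-hyphen"
    if not TXT_VALUE_RE.fullmatch(pasted):
        return "malformed"
    return "mismatch"


if __name__ == "__main__":
    print(dns01_txt_value(SAMPLE_TOKEN, SAMPLE_THUMBPRINT))
    for candidate in (PAGE_VALUE, "K6v7VjtVpGhJk4d6Zx8qxsg6JFUZbGnnr", "bDpKpSc"):
        print(candidate, "->", check_pasted_value(PAGE_VALUE, candidate))
```
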