Re: [Acme] Remove combinations array

James Kasten <jdkasten@umich.edu> Wed, 17 August 2016 20:19 UTC

From: James Kasten <jdkasten@umich.edu>
Date: Wed, 17 Aug 2016 13:19:44 -0700
Message-ID: <CAAEpsx-q-ZFev00cwTsb8X6=iRLaamMZSc_DvhTf-8B0AgvaTg@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/Zcul1YF-45IQsdHSN1Qb--XvzSo>
Cc: "acme@ietf.org" <acme@ietf.org>, Jacob Hoffman-Andrews <jsha@eff.org>
Subject: Re: [Acme] Remove combinations array

Agreed. The removal greatly simplifies the protocol. As you noted, the
addition of the "application requirements" achieves the same intended
result.

On Wed, Aug 17, 2016 at 12:41 PM, Richard Barnes <rlb@ipv.sx> wrote:

> SGTM.  I never liked "combinations" much anyway :)  I put one editorial
> comment in the PR.
>
>
> On Wed, Aug 17, 2016 at 2:22 PM, Jacob Hoffman-Andrews <jsha@eff.org>
> wrote:
>
>> https://github.com/ietf-wg-acme/acme/pull/171
>>
>> This is a fairly complicated part of the protocol, and not used in
>> practice. For instance, in Let's Encrypt's implementation, there are
>> always three challenges, any one of which may be fulfilled by the client.
>>
>> After this change, all challenges are considered to be combined with an
>> "OR." That is, any challenge within an authorization may be completed to
>> make the authorization valid.
>>
>> Authorizations within the new-application object are considered to be
>> combined with an "AND." That is, all of them must become valid before
>> the certificate will be issued. The combination of the two means that we
>> have similar expressiveness as before, even without the combinations
>> array.
>>
>> Thoughts?
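The OR/AND semantics described in the quoted proposal, next to the index-based "combinations" check it replaces, as an added example that is not part of the thread or of the ACME draft. The dictionary layout, function names and sample data are simplified assumptions constructed for illustration.

```python
# Added illustration: simplified objects, not the draft's exact JSON.

def authz_valid(authz):
    """New model: challenges are OR-ed, so one valid challenge suffices."""
    return any(c["status"] == "valid" for c in authz["challenges"])

def legacy_authz_valid(authz):
    """Old model: all challenges named by at least one combination must be valid."""
    ch = authz["challenges"]
    return any(all(ch[i]["status"] == "valid" for i in combo)
               for combo in authz["combinations"])

def blocking_identifiers(application):
    """Authorizations are AND-ed: list the identifiers still blocking issuance."""
    return [a["identifier"] for a in application["authorizations"]
            if not authz_valid(a)]

def can_issue(application):
    # Defensive choice in this sketch: an empty authorization list never issues.
    return bool(application["authorizations"]) and not blocking_identifiers(application)

def ch(kind, status):
    return {"type": kind, "status": status}

# Constructed sample: two identifiers, three challenges each.
APPLICATION = {"authorizations": [
    {"identifier": "example.com",
     "challenges": [ch("http-01", "valid"), ch("tls-sni-01", "pending"),
                    ch("dns-01", "pending")]},
    {"identifier": "www.example.com",
     "challenges": [ch("http-01", "invalid"), ch("tls-sni-01", "pending"),
                    ch("dns-01", "pending")]},
]}

# Constructed legacy objects reusing the first authorization's challenges.
FIRST = APPLICATION["authorizations"][0]
LEGACY_ANY_ONE = dict(FIRST, combinations=[[0], [1], [2]])  # any single challenge
LEGACY_PAIR = dict(FIRST, combinations=[[0, 2]])            # http-01 AND dns-01

if __name__ == "__main__":
    print("blocking:", blocking_identifiers(APPLICATION))
    print("can issue:", can_issue(APPLICATION))
    print("legacy any-one:", legacy_authz_valid(LEGACY_ANY_ONE))
    print("legacy pair:", legacy_authz_valid(LEGACY_PAIR))
```

With single-index combinations the legacy check and the OR check agree; the multi-index combination is the case the array could express inside one authorization and the OR rule cannot.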